Fingerprint algorithm and SHA-1 usage

Peter Gutmann pgut001 at
Wed Dec 19 12:22:09 CET 2012

Christian Aistleitner <christian at> writes:

>So do I. The weakest link is us humans. I'd be glad if more people would
>start to check more than only the first and last byte of the SHA-1 hash to
>assert that two hashes match.

For more on this could I recommend "Do Users Verify SSH Keys?",

(And no, it's not a deliberate invocation of Betteridge's Law).


More information about the Gnupg-devel mailing list