Fingerprint algorithm and SHA-1 usage

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 19 12:22:09 CET 2012


Christian Aistleitner <christian at quelltextlich.at> writes:

>So do I. The weakest link is us humans. I'd be glad if more people would
>start to check more than only the first and last byte of the SHA-1 hash to
>assert that two hashes match.

For more on this could I recommend "Do Users Verify SSH Keys?", 
https://www.usenix.org/publications/login/august-2011-volume-36-number-4/do-users-verify-ssh-keys.

(And no, it's not a deliberate invocation of Betteridge's Law).

Peter.


