[PATCH] Allow printing key digests in key edit

Robert J. Hansen rjh at sixdemonbag.org
Mon Jan 30 15:52:31 CET 2012

On 1/30/12 8:36 AM, Christian Aistleitner wrote:
> I suppose we all agree that among those who claim such "nonsense"
> are for example renowned cryptographer Bruce Schneier [1]. For
> whatever reason places like Apache.org also follow this nonsense
> [2].

A guy I know is fond of saying that God may know absolute truth, but for
us mortals every truth has a context.

Schneier is a cryptographer.  When he says something is broken, he means
in a cryptographer's sense: that it substantially fails to meet its
original design criteria.  But to say that SHA-1 is "broken," full stop,
presents its brokenness as an absolute fact, when the truth is it just

I know a ton of people who are still using MD5 as a collision-resistant
hash.  This gives some people the heebie-jeebies, but the people who are
doing this include some of the smartest people I've ever known, and they
have good reasons for doing it.

> It's solely about letting GnuPG (not general OpenPGP) users
> experiment.

Then post your code as a diff against a 2.0.x tree and let interested
users apply the patch themselves.  Why should an experimental,
let's-play-around feature be introduced into the trunk of GnuPG and have
*all* of GnuPG's users be exposed to it?

> This might help finding answers to questions like:

It might.  It's a good idea.  It's just not (IMO) a good idea to include
it in GnuPG-trunk.

More information about the Gnupg-devel mailing list