please change the default hashing algorithm

Andrew Clausen andrew.p.clausen at gmail.com
Sun Jul 12 17:47:28 CEST 2015


Hi GPG developers,

By default, GPG uses the SHA1 hashing algorithm, which has been believed to be
weak for over 10 years.[1]  Is it possible to change the default over to
SHA256?

I understand that there are several different uses for hashing algorithms,
governed by the personal-digest-preferences and cert-digest-algo options.
I would think it makes sense to switch both of these over to SHA256, but
it's much more important to switch over personal-digest-preferences.

Previous email discussions on this list have mentioned some kind of
compatibility concerns.  If we can't switch both over immediately, are there
any compatibility concerns with just switching personal-digest-preferences
over?

Cheers,
Andrew

[1] https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
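
An added example, not part of the original email or of GnuPG: a small check that reads a gpg.conf and reports how the two options named above, personal-digest-preferences and cert-digest-algo, are set. The sample configs are constructed, and the `WEAK` set and the helper names are this example's assumptions.

```python
# OpenPGP hash algorithm IDs (RFC 4880); gpg also accepts them written as "H<n>".
H_IDS = {"H1": "MD5", "H2": "SHA1", "H3": "RIPEMD160", "H8": "SHA256",
         "H9": "SHA384", "H10": "SHA512", "H11": "SHA224"}
WEAK = {"MD5", "SHA1"}  # assumption of this example: digests to flag
OPTIONS = ("personal-digest-preferences", "cert-digest-algo")

# Constructed sample configs, not taken from any real system.
SAMPLE_BEFORE = """\
# constructed sample
armor
personal-digest-preferences SHA1 SHA256
"""
SAMPLE_AFTER = """\
personal-digest-preferences SHA256 SHA384 SHA512
cert-digest-algo H8
"""

def parse_options(conf_text):
    """Return {option: [digest names]}; this example keeps the last occurrence."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0].lstrip("-").lower()
        if name in OPTIONS and len(parts) == 2:
            tokens = parts[1].replace(",", " ").split()
            found[name] = [H_IDS.get(t.upper(), t.upper()) for t in tokens]
    return found

def audit(conf_text):
    """Return (option, status, digests) per option; status is unset, weak or ok."""
    opts = parse_options(conf_text)
    report = []
    for name in OPTIONS:
        algos = opts.get(name, [])
        if not algos:
            status = "unset"   # nothing configured, so gpg's built-in default applies
        elif algos[0] in WEAK:
            status = "weak"    # the first entry is the most preferred digest
        else:
            status = "ok"
        report.append((name, status, algos))
    return report

if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(conf))
```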



