please change the default hashing algorithm
flapflap at riseup.net
Mon Jul 13 00:53:05 CEST 2015
> Hi GPG developers,
> By default, GPG uses the SHA1 hashing algorithm, which has been believed to be
> weak for over 10 years. Is it possible to change the default over to
> I understand that there are several different uses for hashing algorithms,
> governed by the personal-digest-preferences and cert-digest-algo options.
> I would think it makes sense to switch both of these over to SHA256, but
> it's much more important to switch over personal-digest-preferences.
> Previous email discussions on this list have mentioned some kind of
> compatibility concerns. If we can't switch both over immediately, are there
> any compatibility concerns with just switching personal-digest-preferences
>  https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Some additional opinions for the discussion:
The "OpenPGP Best Practices" of Riseup also recommend against choosing
SHA1 in some cases:
and also SHA1 is highlighted in red when querying the key status with
$ hkt export-pubkeys <KEYID|UID> | hokey lint
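
A check in the spirit of the lint step mentioned above, added here as an example (not code from the original post, GnuPG or hokey): it reads the text layout printed by `gpg --list-packets` and reports which signatures were made with SHA1. The sample listing is constructed, and mapping signature classes 0x00/0x01 to personal-digest-preferences and all others to cert-digest-algo is a simplifying assumption.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"SHA1"}  # the algorithm this thread asks to move away from

SIG_START = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
SIGCLASS = re.compile(r"sigclass 0x([0-9A-Fa-f]{2})")
DIGEST = re.compile(r"digest algo (\d+)")

# Constructed sample in the layout printed by `gpg --list-packets`.
SAMPLE = """\
:user ID packet: "Constructed Example <user@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1436741585, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 5a 1b
\thashed subpkt 21 len 3 (pref-hash-algos: 8 10 2)
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1436741600, md5len 0, sigclass 0x00
\tdigest algo 8, begin of digest c3 9e
"""

def audit_signatures(listing):
    """Return one dict per signature packet found in the listing."""
    results, current = [], None
    for line in listing.splitlines():
        start = SIG_START.match(line)
        if start:
            current = {"keyid": start.group(1), "sigclass": None, "digest": None}
            results.append(current)
        elif line.startswith(":"):
            current = None  # a different packet type begins
        elif current is not None:
            cls, dig = SIGCLASS.search(line), DIGEST.search(line)
            if cls:
                current["sigclass"] = int(cls.group(1), 16)
            if dig:
                algo = int(dig.group(1))
                current["digest"] = HASH_NAMES.get(algo, "unknown(%d)" % algo)
    for sig in results:
        # Assumption: 0x00/0x01 are data signatures, the rest key signatures.
        data_sig = sig["sigclass"] in (0x00, 0x01)
        sig["option"] = "personal-digest-preferences" if data_sig else "cert-digest-algo"
        sig["weak"] = sig["digest"] in WEAK
    return results

if __name__ == "__main__":
    for sig in audit_signatures(SAMPLE):
        print(sig)
```

For a real key, the listing can be produced with `gpg --export <KEYID> | gpg --list-packets` and passed to `audit_signatures` as a string.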