please change the default hashing algorithm

flapflap flapflap at
Mon Jul 13 00:53:05 CEST 2015

Andrew Clausen:
> Hi GPG developers,
> By default, GPG uses the SHA1 hashing algorithm, which has been believed to be
> weak for over 10 years.[1]  Is it possible to change the default over to
> SHA256?
> I understand that there are several different uses for hashing algorithms,
> governed by the personal-digest-preferences and cert-digest-algo options.
> I would think it makes sense to switch both of these over to SHA256, but
> it's much more important to switch over personal-digest-preferences.
> Previous email discussions on this list have mentioned some kind of
> compatibility concerns.  If we can't switch both over immediately, are there
> any compatibility concerns with just switching personal-digest-preferences
> over?
> Cheers,
> Andrew
> [1]

Some additional opinions for the discussion:

The "OpenPGP Best Practices" of Riseup also recommend against choosing
SHA1 in some cases:

and also SHA1 is highlighted in red when querying the key status with
  $ hkt export-pubkeys <KEYID|UID> | hokey lint


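Added example, not part of the original message and not GnuPG or hokey code: one way to see which digest algorithm a key's signatures actually use is to read the hash-algorithm octet of each signature packet in a binary (non-armored) OpenPGP stream, following the RFC 4880 packet layout. The names `packets`, `signature_digests`, `WEAK` and the `SAMPLE` bytes are assumptions constructed for this illustration.

```python
# Added example (not GnuPG or hokey code): list the digest algorithm of every
# signature packet in a binary OpenPGP stream (RFC 4880, sections 4.2, 5.2).
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}  # assumption: the digests this check flags
# Constructed sample: a user ID packet, then two v4 certification signatures
# with dummy trailing bytes; the first uses SHA1 (2), the second SHA256 (8).
SAMPLE = bytes.fromhex("cd05616c696365"
                       "c20a0413010200000000abcd"
                       "880a0413010800000000abcd")

def packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths rejected."""
    i = 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                        # new-format header
            tag, o = first & 0x3F, data[i + 1]
            if o < 192:
                length, i = o, i + 2
            elif o < 224:
                length, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not handled")
        else:                                   # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                      # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def signature_digests(data):
    """Return [(digest_name, is_weak)] for each signature packet (tag 2)."""
    out = []
    for tag, body in packets(data):
        # Hash algorithm octet: offset 3 in a v4 signature, 16 in a v3 one.
        offset = {4: 3, 3: 16}.get(body[0]) if tag == 2 and body else None
        if offset is not None and offset < len(body):
            name = HASH_NAMES.get(body[offset], "unknown(%d)" % body[offset])
            out.append((name, name in WEAK))
    return out
```

Calling `signature_digests(SAMPLE)` reports the SHA1 signature as weak and the SHA256 one as not; ASCII-armored input has to be dearmored to binary first.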