please change the default hashing algorithm

Ben McGinnes ben at adversary.org
Wed Jul 15 00:14:35 CEST 2015


On 15/07/2015 6:25 am, Robert J. Hansen wrote:
>> course, the switch will happen, but it might be slow.  Perhaps GPG 
>> could give users better guidance that they ought to be using Curve 
>> 25519 rather than the vulnerable NIST or brainpool curves.  (I'm
> 
> "Vulnerable" NIST or Brainpool curves?
> 
> I'm unaware of any attack against either NIST or Brainpool curves.  If I
> missed something, I'd love to know about it.
> 
> If this is about hypothetical or conjectured risks, then you should say
> that instead.  "Vulnerable" is the sort of language we use to describe
> SHA-1 -- the risk is real, we're seeing attacks getting better over
> time, and so on.  To my knowledge, that isn't the case for NIST or
> Brainpool.

Yes, you're quite right, we should just say that they're suspect as a
result of interference with NIST by NSA.  Still, that is a pretty
compelling argument, especially for those of us outside of the USA.


Regards,
Ben
