why SHA-1 ?

Robert J. Hansen rjh at sixdemonbag.org
Sat Jul 16 11:39:36 CEST 2016

> What is the rationale to use this deprecated algorithm and why don't you
> use non-deprecated checksums such as SHA-256 or SHA-512 ?

Deprecated by whom?  SHA-1's long-term prospects aren't good but we're
nowhere near preimage attacks.  It's still just fine for file verification.

More information about the Gnupg-devel mailing list