SHA-1 deprecation timeline

Henry de Valence hdevalence at
Tue May 10 20:25:51 CEST 2016

Hi all,

This afternoon at Eurocrypt 2016 saw the presentation of last year's SHA-1
freestart collision.  The cost of a full chosen-prefix attack on commodity
hardware (Amazon EC2) is estimated at only $100k; the authors mentioned that
they are already partway through a common-prefix attack.

What is the current plan for the complete deprecation of SHA-1 from GnuPG?

Apologies if this question has been asked and answered before -- but searching
the last eight months of list archives didn't seem to give any information.

Henry de Valence

More information about the Gnupg-devel mailing list