[PATCH] default-preference-list: prefer SHA512.

Werner Koch wk at gnupg.org
Wed Nov 15 20:52:08 CET 2017

On Thu, 28 Sep 2017 14:32, dkg at fifthhorseman.net said:

> Specifically, this changes --default-preference-list from:
>    SHA256 SHA384 SHA512 SHA224
> to:
>    SHA512 SHA384 SHA256 SHA224

Given that these are only preferences I don't see a reason to object
against swapping SHA256 with SHA512.

In general I would like to get rid of SHA224 and SHA384 because I can't
see any advantage in using them or _announcing_ that they are supported:
Both are truncated version of the other algos using a different IV.
They are similar like AES192 which is also rarely used.  Note that gpg
will in any case _support_ all 4 algos.

However, dropping them 2.2 would not be good.  Thus my suggestion for
2.2 would be:

    SHA512 SHA256 SHA384 SHA224

and for 2.3:

    SHA512 SHA256



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171115/b7af4b0e/attachment.sig>

More information about the Gnupg-devel mailing list