[PATCH] default-preference-list: prefer SHA512.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Nov 18 01:11:49 CET 2017


On Wed 2017-11-15 20:52:08 +0100, Werner Koch wrote:
> On Thu, 28 Sep 2017 14:32, dkg at fifthhorseman.net said:
>
>> Specifically, this changes --default-preference-list from:
>>
>>    SHA256 SHA384 SHA512 SHA224
>>
>> to:
>>
>>    SHA512 SHA384 SHA256 SHA224
>
> Given that these are only preferences I don't see a reason to object
> against swapping SHA256 with SHA512.

great!  should i merge the patch then on master and STABLE-BRANCH-2-2,
or will you do it?

> In general I would like to get rid of SHA224 and SHA384 because I can't
> see any advantage in using them or _announcing_ that they are supported:
> Both are truncated version of the other algos using a different IV.
> They are similar like AES192 which is also rarely used.  Note that gpg
> will in any case _support_ all 4 algos.
>
> However, dropping them 2.2 would not be good.  Thus my suggestion for
> 2.2 would be:
>
>     SHA512 SHA256 SHA384 SHA224
>
> and for 2.3:
>
>     SHA512 SHA256

If you'd like to have a separate discussion about dropping SHA224 and
SHA384 for 2.3, i have no objections -- i've never seen those used in
the wild, so discouraging their use further doesn't seem like a problem
to me.

   --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171118/fe1d18d1/attachment-0001.sig>


More information about the Gnupg-devel mailing list