Suggested updates for the Privacy Handbook?

Werner Koch wk at
Fri Oct 18 09:18:08 CEST 2013

On Fri, 18 Oct 2013 06:50, mezzanine at said:

> * Phasing out SHA1 and MD5 hashing and moving from DSA to RSA keys (see for info.)

FWIW, GnuPG used MD5 only for PGP2 compatibility.  From rfc-4880:

   Implementations MUST implement SHA-1.  Implementations MAY implement
   other algorithms.  MD5 is deprecated.

SHA-1 is is an important part of OpenPGP and used in ways which are
resistant against collision attacks.  Thus it is not easy to fade it
out.  A paragraph explaining why certain algorithms re used by default
does make sense; though.

> * Using frontends such as GPGTools for the MacOSX platform and GPG4win for the Windows platform.
> * The limitations of GPG with regard to protecting against attacks against an end user's system.

Yes, that is important for real world security.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-doc mailing list