Weaknesses in SHA-1

David Shaw dshaw at jabberwocky.com
Tue Sep 21 23:58:17 CEST 2004

On Tue, Sep 21, 2004 at 04:06:47PM -0400, Darren Chamberlain wrote:
> * Per Tunedal Casual <pt at radvis.nu> [2004/09/21 21:38]:
> > Bruce Schneier anounced in the latest CRYPTOGRM, September 15, 2004
> > that:
> <http://www.schneier.com/crypto-gram-0409.html#3>, for those who don't
> > He advices people to use the longer SHA-hashes until a new better hash
> > is invented. He suggests a HASH-contest like the AES-process to get a
> > new hash.
> This might be a good time for someone to point to a handy guide showing
> which hash functions are supported by GnuPG and PGP.  Does anyone have
> one lying around?

gpg --version

In 1.2.x, GnuPG supports MD5, SHA1, and RIPEMD160.  It also supports
SHA256 read-only (you can verify existing signatures made with SHA256,
but not make new ones).  If you compile it with the right options, you
can get SHA384 and SHA512 read-only.  TIGER192 is allowed, but

In 1.4, GnuPG will suppports MD5, SHA1, RIPEMD160, and SHA256.  It
will support SHA384 and SHA512 read-only.  TIGER192 is removed.


More information about the Gnupg-users mailing list