SHA1 broken?

Darren Chamberlain dlc at
Wed Feb 16 16:56:57 CET 2005

* Johan Wevers <johanw at> [2005/02/16 16:32]:
> Darren Chamberlain wrote:
> >So this would be when we start putting:
> >  digest-algo RIPEMD160
> >in our gpg.conf, right?
> How about SHA-256 and 512? Are they based on SHA-1? And how about
> getting Tiger-192 back?

David Shaw just said[0]:

> Finally, if you have a DSA signing key (most people do) you are
> required to use either SHA-1 or RIPEMD/160.  RSA signing keys can
> use any hash.

I'm one of "most people", apparently, since gpg threw an error when I
specified SHA-256.  :)


[0] <>

Three things in human life are important: the first is to be kind; the
second is to be kind; and the third is to be kind.
    -- Henry James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : /pipermail/attachments/20050216/3c828328/attachment.pgp

More information about the Gnupg-users mailing list