SHA1 broken?

Werner Koch wk at gnupg.org
Wed Feb 16 20:02:20 CET 2005


On Wed, 16 Feb 2005 09:13:44 -0500, Darren Chamberlain said:

>   digest-algo RIPEMD160

> in our gpg.conf, right?

Assume that you have the power to create a calculation.  What would be
your target: A single message or a CA key? 

I'd go for a CA or other important key.  Here we rely on SHA-1 for
fingerprint calculation and the fingerprint is that piece of
information we almost always use to compare keys. You can't change
that.


Salam-Shalom,

   Werner






More information about the Gnupg-users mailing list