GnuPG Defaults
Robert J. Hansen
rjh at sixdemonbag.org
Wed Sep 17 09:34:49 CEST 2008
Kevin Hilton wrote:
> Based on the lack of vulnerabilities of those limited set of
> algorithms (excluding SHA1 -- another topic entirely)
To use a medical analogy, SHA1 has a hairline fracture, not an outright
break. It's still working fine, although it's certainly not in shape to
take too many more hits.
> it would seem to be prudent to "refine" the number of acceptable
> algorithms. When the SHA family is eventually supplanted and
> Camellia cipher officially recognized, I only see this list
> expanding, not shrinking!
And this has been the subject of vigorous argument among the members of
the IETF OpenPGP WG. There's been some talk about devising a minimal
OpenPGP subset, to make implementing it easier -- I don't recall much
talk about that project lately, though.
But anyway, yeah, the WG knows about it, and a lot of people aren't
happy with it.
More information about the Gnupg-users mailing list