SHA1 issues, generic advice for average user?

Chris Poole chris at
Tue May 19 13:32:12 CEST 2009

I don't use GPG all that much, but am a little concerned with the recent
SHA1 collision news.

>From what I've read on this list, it doesn't seem to be too much of an

I wonder if someone could clarify some things for me, please:

1) Is this just an issue with signatures, or does it impact the encryption

2) I don't want to lose my current keys, as I have many files that I have
encrypted. Will changing the default hash with the setpref command in the
edit menu (to something like SHA512) help, at all?

Essentially, should an average user of GPG be doing anything? If, after
people have thought about this issue and better hashes are recommended, will
that require current keys to be discarded?

(My key is 1024D with 4096g subkey, if that makes any difference.)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090519/d45372d3/attachment.htm>

More information about the Gnupg-users mailing list