howto secure older keys after the recent attacks

Daniel Kahn Gillmor dkg at
Thu Sep 10 16:31:48 CEST 2009

On 09/09/2009 09:45 PM, David Shaw wrote:
> Instead of giving my preferences,
> allow me to point at the wonderful defaults in GPG.  They're the default
> algorithms for a reason.

I've asked this before, but without any satisfactory answer, i'm still
curious:  Why do the digest defaults in 1.4.10 and 2.0.13 list SHA-1
above SHA-512, SHA-224, and SHA-384?

I don't believe that the mere existence of hardware acceleration of
SHA-1 is sufficient to warrant its default preference over stronger,
widely-implemented digests.

Users who have (and prefer to use) accelerator hardware for any
particular digest can change their published preferences to explicitly
prefer that hardware, right?  Are SHA-1 accelerators so widespread that
people have them (and gpg uses them) without being aware of them?

Is there some other reason to rank SHA-1 like this?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090910/b502f691/attachment.pgp>

More information about the Gnupg-users mailing list