howto secure older keys after the recent attacks
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 10 16:31:48 CEST 2009
On 09/09/2009 09:45 PM, David Shaw wrote:
> Instead of giving my preferences,
> allow me to point at the wonderful defaults in GPG. They're the default
> algorithms for a reason.
I've asked this before, but without any satisfactory answer, i'm still
curious: Why do the digest defaults in 1.4.10 and 2.0.13 list SHA-1
above SHA-512, SHA-224, and SHA-384?
I don't believe that the mere existence of hardware acceleration of
SHA-1 is sufficient to warrant its default preference over stronger,
widely-implemented digests.
Users who have (and prefer to use) accelerator hardware for any
particular digest can change their published preferences to explicitly
prefer that hardware, right? Are SHA-1 accelerators so widespread that
people have them (and gpg uses them) without being aware of them?
Is there some other reason to rank SHA-1 like this?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090910/b502f691/attachment.pgp>
More information about the Gnupg-users
mailing list