howto secure older keys after the recent attacks
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 10 16:31:48 CEST 2009
On 09/09/2009 09:45 PM, David Shaw wrote:
> Instead of giving my preferences,
> allow me to point at the wonderful defaults in GPG. They're the default
> algorithms for a reason.
I've asked this before, but without any satisfactory answer, I'm still
curious: Why do the digest defaults in 1.4.10 and 2.0.13 list SHA-1
above SHA-512, SHA-224, and SHA-384?
I don't believe that the mere existence of hardware acceleration of
SHA-1 is sufficient to warrant its default preference over stronger,
Users who have (and prefer to use) accelerator hardware for any
particular digest can change their published preferences to explicitly
prefer that hardware, right? Are SHA-1 accelerators so widespread that
people have them (and gpg uses them) without being aware of them?
Is there some other reason to rank SHA-1 like this?