why is SHA1 used? How do I get SHA256 to be used?
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jul 11 07:56:47 CEST 2012
On 7/11/2012 12:41 AM, vedaal wrote:
> SHA1 is hardwired into the fingerprint of v4 keys.
As soon as a V5 key spec is released, I'll revise my statement. Until
then, OpenPGP has an unfortunate dependency on hashes that do not have
good long-term prospects. :)
> So when is it reasonable enough to suggest that SHA1 is broken enough
> to start working on a v5 key?
V5 discussions will not kick off in earnest until NIST announces the new
hash standard, or so I've heard people from the working group say.
More information about the Gnupg-users
mailing list