How to "activate" gpg.conf entries?
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jul 11 21:41:45 CEST 2012
On 7/11/2012 11:51 AM, Werner Koch wrote:
> But only because RIPEMD160 does not get as much attention as SHA-1.
True, but I'm not certain I believe SHA256 is much better.
Let's look over the history of Merkle-Damgård hashes:
MD2 (broken 1997, preimages 2004)
MD4 (broken 1991, preimages 2008, can generate collisions with
pen and paper!)
MD5 (broken 1996, preimages 2012 presumably, based on public
reports about Flame)
SHA-0 (broken 1998, no preimages)
SHA-1 (broken 2005, no preimages)
RIPEMD (broken ... uh ... when?)
SHA256 (unbroken)
RIPEMD-160 (unbroken)
History has not been kind to the Merkle-Damgård construction. The fact
OpenPGP only contains Merkle-Damgårds has always bothered me: I'd feel
much better if WHIRLPOOL had been standardized and included in the list.
More information about the Gnupg-users
mailing list