Confusion with signature digest type.

Mason Loring Bliss mason at blisses.org
Fri Apr 26 18:18:06 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, Apr 25, 2013 at 11:47:49PM -0400, Robert J. Hansen wrote:

> A preimage attack on SHA-1 is my house being on fire: avoiding SHA-1 for
> self-signatures is making sure to turn off the coffeepot.

While I agree with what you're saying, the big difference between this
situation and your example is that it's trivially easy for me to say "use
this digest method instead of this other one" and then forget about it. The
coffee pot will take care of itself. The question becomes invisible to me as
soon as I've set the default, and if the effort is so low to do it, I don't
see any real reason *not* to do it. Security is about nudging up the bar.

Now, that said, I still don't understand why I was seemingly unable to change
the digest algorithm I'm using for my old key. I'd be grateful if someone
could enlighten me on that point, as I really want to grasp what was
happening.

- -- 
Mason Loring Bliss           mason at blisses.org           Ewige Blumenkraft!
$awake ? $sleep : int rand 2 ? $dream : $sleep; -- Hamlet, Act III, Scene I
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJReqi+AAoJEJ6yV3B27yVVeWEQAM8Zq23t23ZPUWylHDttflrR
h/gqg2QQd1VUeOiIdjUebrWfq7wREj2w+quO3mnIipoGIkloTBtSWfuoXz6Molnl
n+y1ye5/EcyNpsEWJmeilwg8WhxLvc1KiFzbB50dbeg5KEasTKR1vs0tQ3+cPZho
ItfhnaxGWsSTVt5y4i7Ulqn7bPeXk0EjDOXHGKlPQI334/qgU+4wCs/cDK1o5uux
1bpgewvpea63q2O3d8b5xNl6INwdmPlTsl1DOUanIvD9I6TAEeD5YM6d8u/wPl7A
k7U4qf0PbhCcK5SvjdXQRFc1w50SzPgNuQSHgbIHD5zD7tzfN7elHH5i0+zRXF/W
wIBnzBDfZzVYgJgCc7OgfjyMe2aCpPml8hPCwBBN8l49EivUbgVvTXY9caGPA/zE
Sq24QuChpUmPeNpO5aFhcmZHwhce2en28uryaOpmXZddHO5HTROBwkOPFhx51cHB
g8ywoz/dvjcwmTwDgN23xBD/WBkaEUfrmzwdlywv3ldZNvduy1YamHrBEwNY61Hb
M6cw/7buYlBv9hcXfiVaA1GtNBCJ/ASGlC9Mp3dwgCuhJ2kcPKVucmBo8z2uGJ8w
UPm9bYqgs91eodUT1DxKEv+e18+h+PVRIYXd65fhPiBjfZ2ja+2hE6q5Xj9czhfP
OsGxVaeV1D57CNkkxbzo
=V6uB
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list