[openpgp] SHA-2 support should be mandatory – change defaults

Werner Koch wk at gnupg.org
Mon Aug 11 23:58:07 CEST 2014

On Mon, 11 Aug 2014 19:31, johanw at vulcan.xs4all.nl said:

> Fixing the packet order when --pgp2 or --rfc1991 are used would help a

Too complicated and breaks too much.

> lot. And now I assume that pgp 2 will not pass away before the

It is quite funny that some people here demand a ban of SHA-1 while some
still believe MD5 (pgp 2) is a safe choice.  MD5 has been broken; it is
easy to compute collisions and there are theoretical pre-image attack.
SHA-1 has for now only a theoretical collision attack.  Please get rid
of your old pgp 2 stuff - you can't trust the signature anymore.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list