Accidentally used SHA1

Robert J. Hansen rjh at
Fri Jul 1 20:33:32 CEST 2016

> Does using SHA1 in past make my key less secure or does this only make
> the signed message more prone to collision instead of key leak?

Definitely no to the first, and probably not to the second.  SHA-1 is
weak in a theoretical sense, but we're nowhere near seeing preimage
attacks on it, which is what would have to happen for your message to be
susceptible to forgery.

We advise against SHA-1 out of an abundance of caution, not because it's
broken.  The current attacks against SHA-1 are troubling but not
applicable to OpenPGP... *yet*.  It's that "yet" which causes us to
advise using better hash algorithms.  :)

More information about the Gnupg-users mailing list