SHA-1 checksums to be replaced with something better at ?

Daniel Kahn Gillmor dkg at
Thu Mar 17 20:44:55 CET 2016

On Thu 2016-03-17 15:34:08 -0400, Fabian Santiago wrote:
>> What is your threat model?  FWIW, pre-image attacks on SHA-1 are not
>> even on the horizon.
> Pre-image attack?

FWIW, the threat model of digest algorithms being published on an HTTPS
website that then links to the file to be downloaded is much easier to
work around than by compromising SHA-1's preimage resistance (or even
collision resistance for that matter).

However, it makes more sense to me to just move everything to sha-256
today.  Anyone who actually checks the digests should be capable of
using sha256 today, and it would avoid this sort of question coming up
in the future.


More information about the Gnupg-users mailing list