SHA1 collision found
sivmu at web.de
sivmu at web.de
Thu Feb 23 19:24:02 CET 2017
Today was announced that SHA1 is now completely broken
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
A few weeks back it was mentioned that there is a new proposal for a openpgp standart including a new algorithm for pgp fingerprints.
As this is currently not applicable in practice, I would like to know what this new development means for pgp-gnupg and the use of SHA1 for key identification.
After researching how the fingerprint is generated, I think it would be easy to include a new option in gnupg to print a fingerprint using sha256. Would that be something that will/can be included in future versions of gnupg?
That way users could publish both the sha1 and sha256 finderprint in the future.
More information about the Gnupg-users
mailing list