SHA1 collision found

sivmu at web.de sivmu at web.de
Thu Feb 23 19:24:02 CET 2017


Today it was announced that SHA1 is now completely broken
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

A few weeks back it was mentioned that there is a new proposal for an openpgp standard including a new algorithm for pgp fingerprints.
As this is currently not applicable in practice, I would like to know what this new development means for pgp-gnupg and the use of SHA1 for key identification.

After researching how the fingerprint is generated, I think it would be easy to include a new option in gnupg to print a fingerprint using sha256. Would that be something that will/can be included in future versions of gnupg?

That way users could publish both the sha1 and sha256 fingerprint in the future.
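
Added example, not part of the original post and not GnuPG code: how a version 4 OpenPGP fingerprint is derived (RFC 4880, section 12.2), with SHA-256 run over the same octets to illustrate the idea raised above. The SHA-256 variant is hypothetical and is not an existing GnuPG option; the key material and timestamp are constructed sample values.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet:
    version (4), creation time, algorithm id (1 = RSA), MPI n, MPI e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def fingerprint_input(body: bytes) -> bytes:
    """Octets that are hashed for a v4 fingerprint: 0x99, 2-octet length, body."""
    return b"\x99" + struct.pack(">H", len(body)) + body


def fingerprints(body: bytes) -> dict:
    data = fingerprint_input(body)
    sha1 = hashlib.sha1(data).hexdigest().upper()
    return {
        "sha1": sha1,            # the standard v4 fingerprint (160 bits)
        "keyid": sha1[-16:],     # long key ID = low 64 bits of that fingerprint
        # Hypothetical: same input, different hash. Not a GnuPG feature.
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


# Constructed sample key: toy modulus (product of two Mersenne primes),
# far too small for real use, and a constructed creation timestamp.
SAMPLE_N = (2**127 - 1) * (2**89 - 1)
SAMPLE_BODY = v4_rsa_key_body(1487874242, SAMPLE_N, 65537)

if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_BODY).items():
        print(f"{name:>6}: {value}")
```

Because the fingerprint covers only the public-key packet, both digests can be computed from an exported key without touching the private key, and any change to the creation time or key material changes both values.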


