gnupg website

Andrew Gallagher andrewg at
Wed Jan 25 10:13:42 CET 2017

> On 25 Jan 2017, at 08:52, Werner Koch <wk at> wrote:
> On Wed, 25 Jan 2017 01:05, sivmu at said:
>> not sure this is the perfect place, but I wanted to point out that the
>> website still uses sha1 as a mac.
> Despite that SHA-1 is not yet broken they now even claims that HMAC-SHA1
> is broken?  I do not even known a theoretical attack on HMAC-MD5

Browsers are not deprecating HMAC-SHA-1, but the use of SHA-1 in certificate signature generation. These are not the same thing.'s own cert uses SHA-256 and it's intermediate uses SHA-364. Nothing to see here, move along. :-)


More information about the Gnupg-users mailing list