andrewg at andrewg.com
Wed Jan 25 10:13:42 CET 2017
> On 25 Jan 2017, at 08:52, Werner Koch <wk at gnupg.org> wrote:
> On Wed, 25 Jan 2017 01:05, sivmu at web.de said:
>> not sure this is the perfect place, but I wanted to point out that the
>> gnupg.org website still uses sha1 as a mac.
> Despite that SHA-1 is not yet broken they now even claims that HMAC-SHA1
> is broken? I do not even known a theoretical attack on HMAC-MD5
Browsers are not deprecating HMAC-SHA-1, but the use of SHA-1 in certificate signature generation. These are not the same thing.
gnupg.org's own cert uses SHA-256 and it's intermediate uses SHA-364. Nothing to see here, move along. :-)
More information about the Gnupg-users