sha1 pgp fingerprint

Peter Lebbing peter at
Thu Jan 26 10:56:18 CET 2017

On 26/01/17 00:47, sivmu wrote:
> The question I have not yet found any clear answer for, is why is nobody
> talking about this and should pgp keys be identified by a stronger hash
> alogrithm in the future?

Subverting SHA-1 as used for OpenPGP fingerprints requires a
second-preimage attack. The problems with SHA-1 are with collision
resistance, not preimage attacks.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list