Avoid recipient-compatibility SHA1
azbigdogs at gmx.com
Wed Nov 18 06:18:55 CET 2020
Not to ask a stupid question but how can you tell which algorithm your
keys are using and if using SHA1 update them to a more secure one?
On 11/17/2020 4:13 PM, Phil Pennock via Gnupg-users wrote:
> The current state of SHA1 is "dangerously exposed, you should be
> hurrying for the exits, there might still be time to grab your coat on
> the way out of the door." The history is such that when the current
> attacks against a digest system are where the SHA1 attacks are now, you
> really don't want to be dealing with the next revelations because you
> will not be happy.
> At present, using "weak-digest sha1" in your GnuPG configuration files
> reveals a lot of problems and in day-to-day use you will have to
> periodically comment it back out again. I know, because I've been doing
> this since January. It has helped me with pushing people I need to
> exchange private mail with to update their keys.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
PGP Key Upon Request
More information about the Gnupg-users