The manpage for gpg sez:
Secret keys are integrity protected by using a SHA-1 checksum. This method is part of the upcoming enhanced OpenPGP specification but GnuPG already uses it as a countermeasure against certain attacks. Old applications don't under‐ stand this new format, so this option may be used to switch back to the old behaviour. Using this option bears a security risk.
Does anyone know what the actual security risk is? Using a weaker checksum obviously makes it easier to forge data, but in this case the data being forged is just the secret parts of a secret key. What are the attack vectors there?
-- Stephen Paul Weber, @singpolyma See <http://singpolyma.net> for how I prefer to be contacted edition right joseph
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
