On 06/26/2014 05:45 PM, Robert J. Hansen wrote:
> On 6/26/2014 2:25 PM, Daniel Kahn Gillmor wrote:
>> If you know of a modern OpenPGP implementation that supports SHA-1 but
>> not SHA-256 or SHA-512, please point it out (and no, creating one just
>> to be able to point to it doesn't count :P)
> 
> PGP 8.x, which is still in use today by a surprising number of people,
> has limited support for SHA-256 and none at all for SHA-512.


PGP 8 was released over a decade ago; that's hardly a modern implementation:

 http://www.pgpi.org/news/

In what ways is its support for SHA-256 limited?  I'm having a hard time
finding documentation for it.

How many people use it?  Can you share where you got your "surprising
number" reference?  Are there software vulnerabilities in it or any
support or maintenance at all?

To paraphrase Werner elsewhere in this thread: The more important case
is to read security announcements and update your OpenPGP implementation.

Why should anyone cater to users of PGP 8.x in 2014 when we have an
opportunity to provide a stronger cryptographic baseline for everyone else?

        --dkg



Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
