On 23/02/17 19:24, si...@web.de wrote:
> As this is currently not applicable in practice, I would like to know
> what this new development means for pgp-gnupg and the use of SHA1 for
> key identification.

I already answered that here[1]. The use of SHA-1 in fingerprints is not susceptible to a collision attack, so it's still safe. SHA-1 in fingerprints is only susceptible to a second-preimage attack, which is much harder than a collision attack and unheard of for SHA-1.

> After researching how the fingerprint is generated, I think it would
> be easy to include a new option in gnupg to print a fingerprint using
> sha256. Would that be something that will/can be included in future
> versions of gnupg?

It wouldn't help because of all the places SHA-1 is used internally if you just change how it is displayed to the user.

Disclaimer: I'm not a developer, but this is my understanding of it. I can't say for sure.

HTH,

Peter.

[1] <https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057547.html>

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
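
Added example, not part of the original message and not GnuPG code: the version 4 fingerprint calculation from RFC 4880 (section 12.2) that the thread refers to, applied to a constructed toy RSA key. The key material, the timestamp and the `sha256_display` helper are assumptions made for illustration; `sha256_display` is hypothetical and only hashes the same octets with a different digest.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def fingerprint_input(body: bytes) -> bytes:
    """Octets hashed for a v4 fingerprint: 0x99, 2-byte body length, packet body."""
    return b"\x99" + struct.pack(">H", len(body)) + body


def v4_fingerprint(body: bytes) -> bytes:
    """160-bit SHA-1 fingerprint as defined for version 4 keys."""
    return hashlib.sha1(fingerprint_input(body)).digest()


def key_id(body: bytes) -> bytes:
    """Key ID: the low-order 64 bits of the v4 (SHA-1) fingerprint."""
    return v4_fingerprint(body)[-8:]


def sha256_display(body: bytes) -> bytes:
    """Hypothetical display-only digest over the same octets (assumption, not a GnuPG option)."""
    return hashlib.sha256(fingerprint_input(body)).digest()


# Constructed toy key material: 64-bit modulus, far too small for real use.
BODY = rsa_public_key_body(created=1487874240, n=0xC5A1F3B7D9E2468B, e=65537)

if __name__ == "__main__":
    print("v4 fingerprint (SHA-1):", v4_fingerprint(BODY).hex().upper())
    print("key ID:                ", key_id(BODY).hex().upper())
    print("SHA-256 over same data:", sha256_display(BODY).hex().upper())
```

In this sketch the key ID is still taken from the SHA-1 fingerprint whichever digest is printed, so a display-only change leaves the identifier derived from SHA-1 untouched.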