-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SHA1 got broken some months ago, but I see no useful move to get rid of using 
it for even new stuff.

I found some email chains a while back showing the web of trust collapsing if 
SHA1 were not used.

I found Ubuntu trying to go at removing it alone: 
https://wiki.ubuntu.com/SecurityTeam/GPGMigration
(mainly talks about changing keys but they are testing SHA2 signatures 
extensively)

I found out it's really hard to make a key that doesn't say "Digest: ... SHA1" 
in its attributes.

I found out why the web of trust collapses; public signing defaults to SHA1 
unless a command line option is passed to change it. Editing key preferences 
on your signing key won't do it.

I'm pretty sure Enigmail will sign this message with SHA1 because it doesn't 
have an option to select digest and setting whatever on preferences doesn't 
work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iF4EAREIAAYFAllT6MMACgkQE8ihdI6XWvTX1AD/T8oFAb2/TNGkt3Ke8sYSTO9H
wQXh6MqsRajuqF542NUA/2PEajHFahVohQBxQLeUwAZr5G8Kk4q77Nq3mOpwzbfa
=kwi5
-----END PGP SIGNATURE-----

Attachment: 0x8E975AF4.asc
Description: 0x8E975AF4.asc
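
Added example, not part of the original post: a small Python parser that reads which digest an OpenPGP version 4 signature packet declares, for both certifications (key signatures) and message signatures, so the digest in use can be checked rather than guessed. The sample packets are constructed and truncated to their fixed leading fields; the field layout and algorithm IDs follow RFC 4880, and the function names are this example's own.

```python
import base64

# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}

def dearmor(armored):
    """Decode the base64 body of an ASCII-armored block (CRC24 not verified)."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    body = []
    for line in lines[lines.index("") + 1:]:   # body starts after the blank line
        if line.startswith(("=", "-----")):    # checksum line or END line
            break
        body.append(line)
    return base64.b64decode("".join(body))

def body_offset(data):
    """Return (packet tag, offset of the packet body) for the first packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                           # new-format header
        l0 = data[1]
        if 224 <= l0 < 255:
            raise ValueError("partial body length not handled")
        return first & 0x3F, 2 if l0 < 192 else 3 if l0 < 224 else 6
    if (first & 0x03) == 3:                    # old-format header
        raise ValueError("indeterminate length not handled")
    return (first >> 2) & 0x0F, 1 + (1, 2, 4)[first & 0x03]

def signature_digest(data):
    """Return (signature type, digest name, is_weak) for a v4 signature packet."""
    tag, off = body_offset(data)
    if tag != 2 or data[off] != 4:
        raise ValueError("not a version 4 signature packet")
    sig_type, hash_id = data[off + 1], data[off + 3]   # version, type, pubkey algo, hash algo
    name = HASH_ALGOS.get(hash_id, "unknown(%d)" % hash_id)
    return sig_type, name, name in WEAK

# Constructed samples: only the fixed leading fields of a v4 signature packet.
SHA1_CERT = bytes([0x88, 0x04, 0x04, 0x10, 0x11, 0x02])    # 0x10 certification, DSA, SHA1
SHA256_TEXT = bytes([0x88, 0x04, 0x04, 0x01, 0x11, 0x08])  # 0x01 text signature, DSA, SHA256
ARMORED = ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(SHA1_CERT).decode()
           + "\n-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    for pkt in (dearmor(ARMORED), SHA256_TEXT):
        print("type 0x%02x digest %s weak=%s" % signature_digest(pkt))
```

Signature type 0x10 through 0x13 marks a certification on someone's key, which is the case the web-of-trust concern is about; 0x00 and 0x01 are signatures over data such as a mail body.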

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
