> As for the current version v4, SHA1 is used to compute the fingerprint.
> Are there other mandatory places?
Yes. Search the RFC for the term "SHA-1" and you'll find them. It's
hardwired into several of the packet formats, for instance.
> Do you know any time frame and significant changes of v
On 06/29/2017 02:31 PM, Robert J. Hansen wrote:
>> SHA1 got broken some months ago, but I see no useful move to get rid
>> of using it for even new stuff.
> (a) Not for OpenPGP's uses. For our uses it's still safe, although we
> recommend moving to other, better, hashes as soon as possible.
>
> (b
On Thursday 29 June 2017 00:50:49 Pete Stephenson wrote:
> Hi all,
>
> Who is the appropriate person to contact regarding technical issues
> with the mailing list?
I'd start with the people who run this list. See
https://lists.gnupg.org/mailman/listinfo/gnupg-users
They can be reached at gnupg-u
> SHA1 got broken some months ago, but I see no useful move to get rid
> of using it for even new stuff.
(a) Not for OpenPGP's uses. For our uses it's still safe, although we
recommend moving to other, better, hashes as soon as possible.
(b) It's pretty easy to avoid using SHA-1. There are stil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
SHA1 got broken some months ago, but I see no useful move to get rid of using
it for even new stuff.
I found some email chains awhile back showing the web of trust collapsing if
SHA1 were not used.
I found ubuntu trying to go at removing it alone
On 06/29/2017 12:50 AM, Pete Stephenson wrote:
> Hi all,
Hi,
>
> Who is the appropriate person to contact regarding technical issues with
> the mailing list?
>
> Specifically, it appears that the list doesn't play nice with anti-spam
> measures like DMARC, SPF, and DKIM and so messages sent fro
On Tue, Jun 20, 2017 at 03:34:44PM +0200, martin f krafft wrote:
> 2. I've also tried running --update-trustdb, but it seems that this
>process is *endless*. I have no idea how many keys remain, and
>I also got the impression that I keep seeing keys I already
>processed. How do you appr
Hi!
The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.8. This release fixes a local side-channel attack.
Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG. It does not provide any
implementation
