[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how close is OpenPGP tied to SHA1

On 02/01/2009 08:24 PM, Peter Thomas wrote:
> After reading the whole RFC I've found several places where SHA1 is
> given as the only possible algorithm,

This was just discussed on the list last month in a thread titled "A
review of hash function brittleness in OpenPGP":


It would be worth reviewing that thread because it contains relevant
discussion.  In short: the fingerprints seem to be the most worrisome
part, and we probably need to think about how to move forward.



Attachment: signature.asc
Description: OpenPGP digital signature