[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: netpgp and SHA1-PGP stuff
It does exist, because older PGP were mandated (by RFC 4880) to use SHA1. Other implementations can coexist with different digest functions, though, so read on...
We've known for a while that reliance on SHA1 was problematic - see the top of src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c where the default for new netpgp-signatures is sha256:
* SHA1 is now looking as though it should not be used. Let's
* pre-empt this by specifying SHA256 - gpg interoperates just fine
* with SHA256 - agc, 20090522
#define DEFAULT_HASH_ALG "SHA256"
I'm aware of the dangers of downgrading various things, though not PGP? Quite happy to panic if warranted
Main Index |
Thread Index |