* g10/main.h (DEFAULT_DIGEST_ALGO): default to SHA256 except for archaic compliance modes.
--
RFC 4880 specifies the 256-bit variant of SHA2, and any compatible client in the last 10 years. According to doc/gpg.texi, PGP 8 also supports SHA 256. There's no clear reason to default to SHA1 for compatibility with those clients. (RFC 2440 and PGP7 don't support SHA256, so leave that alone.)

GnuPG-bug-id: 7516
Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net>
--- g10/main.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/g10/main.h b/g10/main.h index 546a0b5b8..ffed41613 100644 --- a/g10/main.h +++ b/g10/main.h @@ -41,7 +41,7 @@ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES #endif -#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) +#define DEFAULT_DIGEST_ALGO ((PGP7||RFC2440)? DIGEST_ALGO_SHA1:DIGEST_ALGO_SHA256) #define DEFAULT_S2K_DIGEST_ALGO DEFAULT_DIGEST_ALGO #ifdef HAVE_ZIP # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP -- 2.47.2
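Review bot: The unchanged context line `#define DEFAULT_S2K_DIGEST_ALGO DEFAULT_DIGEST_ALGO` directly below the changed macro means the default S2K digest also moves from SHA1 to SHA256 for every mode that previously took the non-`GNUPG` branch, and the commit message only discusses the digest default. Either state that in the message or give the S2K default its own definition if the side effect is not intended. The condition in `DEFAULT_DIGEST_ALGO` also changes from an allowlist (`GNUPG`) to a denylist (`PGP7||RFC2440`), so any compliance mode not named there now gets SHA256; a one-line comment above the macro recording that only these two modes keep SHA1, and why, would keep a later edit from widening the SHA1 branch by accident.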