On Thu, May 04, 2006 at 09:34:55AM -0600, Phil Helms wrote: > Why not use MD5?
http://cryptography.hyperlink.cz/MD5_collisions.html MD5 is deprecated in OpenPGP. The current OpenPGP draft says: * The MD5 hash algorithm has been found to have weaknesses, with collisions found in a number of cases. MD5 is deprecated for use in OpenPGP. Implementations MUST NOT generate new signatures using MD5 as a hash function. They MAY continue to consider old signatures that used MD5 as valid. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
