On 4/25/2013 9:13 PM, Mason Loring Bliss wrote:

> I've been reading some "best practises" documents, and it was suggested that
> I not use SHA-1 as my self-signature digest algorithm:
Beware of "best practices." What makes a practice best depends greatly on the specific threats you face, and unless the author knows your particular threat model a healthy amount of skepticism is warranted. Examine each claim critically and ask yourself, "does this practice give me any real, measurable, quantifiable advantage in the context of my threat model?"

For my own lookout, I don't see that this practice would give me very much. If SHA-1 falls victim to preimage attacks then I'm completely screwed anyway on a few dozen fronts simultaneously, and my certificate is the least of my worries. If I wake up in the middle of the night and discover my house is on fire I'm not going to care very much about whether I forgot to turn off the coffeepot. A preimage attack on SHA-1 is my house being on fire: avoiding SHA-1 for self-signatures is making sure to turn off the coffeepot.

I suspect that quite a lot of us are in that same boat.

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
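Whichever side of the argument you take, the first thing to establish is which digest your self-signatures actually use. The following is an added example, not code from the thread or from GnuPG: it walks a binary OpenPGP packet stream (RFC 4880 framing) and reports the hash-algorithm octet of every signature packet, which is the "self-signature digest algorithm" under discussion. The packet bytes at the bottom are constructed for the demonstration (two minimal v4 certification signatures, one over SHA-1 and one over SHA-256, plus a user ID packet); the function and constant names are the example's own.

```python
"""Report the digest algorithm of each OpenPGP signature packet in a key export.

Added example for the gnupg-users thread above; not GnuPG's code.
Usage on a real key:  gpg --export KEYID | python3 sigdigest.py
"""
import struct
import sys

# RFC 4880 section 9.4 hash algorithm identifiers.
HASH_ALGO = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
             9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIG_TAG = 2          # packet tag for a Signature packet
WEAK = {"MD5", "SHA1"}


def read_packet_header(data, off):
    """Return (tag, body_offset, body_length) for the packet starting at off.

    Handles old- and new-format headers. Partial body lengths and old-format
    indeterminate lengths are rejected rather than guessed at.
    """
    first = data[off]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                              # new-format header
        tag = first & 0x3F
        b1 = data[off + 1]
        if b1 < 192:
            return tag, off + 2, b1
        if b1 < 224:
            return tag, off + 3, ((b1 - 192) << 8) + data[off + 2] + 192
        if b1 == 255:
            return tag, off + 6, struct.unpack(">I", data[off + 2:off + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag = (first >> 2) & 0x0F                     # old-format header
    ltype = first & 0x03
    if ltype == 0:
        return tag, off + 2, data[off + 1]
    if ltype == 1:
        return tag, off + 3, struct.unpack(">H", data[off + 1:off + 3])[0]
    if ltype == 2:
        return tag, off + 5, struct.unpack(">I", data[off + 1:off + 5])[0]
    raise ValueError("indeterminate length not supported")


def signature_digests(data):
    """Return [(signature_type, hash_algorithm_name), ...] for every signature packet."""
    out, off = [], 0
    while off < len(data):
        tag, body, length = read_packet_header(data, off)
        if tag == SIG_TAG:
            version = data[body]
            if version == 4:
                # v4: version, sig type, pubkey algo, hash algo, subpackets...
                sig_type, hash_algo = data[body + 1], data[body + 3]
            elif version == 3:
                # v3: version, len(5), sig type, 4-byte time, 8-byte key ID,
                #     pubkey algo, hash algo, ...
                sig_type, hash_algo = data[body + 2], data[body + 16]
            else:
                raise ValueError(f"unsupported signature version {version}")
            out.append((sig_type, HASH_ALGO.get(hash_algo, f"unknown({hash_algo})")))
        off = body + length
    return out


def weak_digest_signatures(data):
    """Subset of signature_digests(data) whose digest is MD5 or SHA-1."""
    return [(t, h) for t, h in signature_digests(data) if h in WEAK]


def v4_sig_packet(sig_type, hash_algo, new_format=True):
    """Build a minimal, structurally valid v4 signature packet (constructed test data).

    Empty hashed/unhashed subpacket areas, zero left-16 bits, one 1-bit MPI.
    The packet is not cryptographically valid; it only exercises the parser.
    """
    body = bytes([4, sig_type, 1, hash_algo]) + b"\x00\x00" + b"\x00\x00" \
        + b"\x00\x00" + b"\x00\x01\x01"
    header = bytes([0xC0 | SIG_TAG, len(body)]) if new_format \
        else bytes([0x80 | (SIG_TAG << 2), len(body)])
    return header + body


# Constructed sample stream: positive certification (0x13) over SHA-1 with a
# new-format header, then one over SHA-256 with an old-format header, then a
# User ID packet (tag 13) that the scanner must skip.
SAMPLE = (v4_sig_packet(0x13, 2) + v4_sig_packet(0x13, 8, new_format=False)
          + bytes([0xC0 | 13, 4]) + b"test")


if __name__ == "__main__":
    data = sys.stdin.buffer.read() if not sys.stdin.isatty() else SAMPLE
    for sig_type, algo in signature_digests(data):
        print(f"sig type 0x{sig_type:02x}  digest {algo}")
```

The scanner reports every signature, not only self-signatures; deciding which certifications are self-signatures requires matching the issuer key ID subpacket against the primary key, which is left out here to keep the parser short. If you do decide to turn off the coffeepot, GnuPG's `--cert-digest-algo` option (for example `cert-digest-algo SHA256` in `gpg.conf`) selects the digest used for key signatures you make from then on; existing self-signatures keep whatever digest they were made with until re-signed.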
