On Thu, 2 May 2013 06:48, [email protected] said:

> thinking of these problems, and if-and-when Werner and g10 Code decide
> to shift the default behaviors I'm certain it will be towards a stronger
> hash algorithm.

We always tried to make sure that new algorithms are deployed for a long time before we make them the default. The next big change will be the switch to ECC and we do not even have a real GnuPG release with it. I expect that in a few years we can/need to switch to ECC and with that the end of signing SHA-1 digests will have come. Given that you need to create a new key anyway, the hash algorithm will be a no-brainer then.

The special cases which Daniel constructed are, well, special cases and not the common use of signatures. People designing such a system should really consult with an expert to come up with a proper plan on how to implement that system. And that plan should include a discussion of used algorithms and threat models.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
