> Does using SHA1 in past make my key less secure or does this only make > the signed message more prone to collision instead of key leak?
Definitely no to the first, and probably not to the second. SHA-1 is weak in a theoretical sense, but we're nowhere near seeing preimage attacks on it, which is what would have to happen for your message to be susceptible to forgery. We advise against SHA-1 out of an abundance of caution, not because it's broken. The current attacks against SHA-1 are troubling but not applicable to OpenPGP... *yet*. It's that "yet" which causes us to advise using better hash algorithms. :) _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
