On 07/02/2017 03:13 AM, Georgi Guninski wrote:
> On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
>> A couple of days ago Shawn pointed out offlist that my GPG installation
>> was using SHA1 when signing messages. Although seven hash functions are
>> included in GnuPG 1.4.16, SHA1
On 07/01/2017 07:30 PM, Shawn K. Quinn wrote:
> On 07/01/2017 03:17 PM, Steve Kinney wrote:
>> Last time I checked, this bug was dismissed by Debian as a non-issue,
>> saying that exploiting it would require physical access to the machine
>> and "physical access is game over." That's an excuse
On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
> A couple of days ago Shawn pointed out offlist that my GPG installation
> was using SHA1 when signing messages. Although seven hash functions are
> included in GnuPG 1.4.16, SHA1 is still the default.
>
It was funny when someone
On 07/01/2017 03:17 PM, Steve Kinney wrote:
> Last time I checked, this bug was dismissed by Debian as a non-issue,
> saying that exploiting it would require physical access to the machine
> and "physical access is game over." That's an excuse to leave the bug
> in place, not a reason. I am sure
Greetings,
A couple of days ago Shawn pointed out offlist that my GPG installation
was using SHA1 when signing messages. Although seven hash functions are
included in GnuPG 1.4.16, SHA1 is still the default.
For most purposes this is no cause for panic, but it's "untidy" at best
and might