-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SHA1 got broken some months ago, but I see no useful move to get rid of using it for even new stuff.
I found some email chains awhile back showing the web of trust collapsing if SHA1 were not used. I found ubuntu trying to go at removing it alone: https://wiki.ubuntu.com/SecurityTeam/GPGMigration (mainly talks about changing keys but they are testing SHA2 signatures extensively) I found out it's really hard to make a key that doesn't say "Digest: ... SHA1" in its attributes. I found out why the web of trust collapses; public signing defaults to SHA1 unless a command line option is passed to change it. Editing key preferences on your signing key won't do it. I'm pretty sure enigmail will sign this message with SHA1 because it doesn't have an option to select digest and setting whatever on preferences doesn't work. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAllT6MMACgkQE8ihdI6XWvTX1AD/T8oFAb2/TNGkt3Ke8sYSTO9H wQXh6MqsRajuqF542NUA/2PEajHFahVohQBxQLeUwAZr5G8Kk4q77Nq3mOpwzbfa =kwi5 -----END PGP SIGNATURE-----
0x8E975AF4.asc
Description: 0x8E975AF4.asc
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
