Am Sonntag 20 Februar 2022 09:30:36 schrieb Daniel Colquitt via Gnupg-users:
> I agree with you, and Robert Hansen above, insofar as there is no practical
> weakness in using SHA-1 as part of a key derivation algorithm.
(for protecting exported private keys)
> Nevertheless it does seem
Whoever told you SHA-1 is broken was gravely in error. There are certain areas of the cryptographic space where it is no longer recommended. There are others where it's strong as a rock.As part of an iterated key derivation function, SHA-1 is still believed safe. There's no reason to shy away
> Has it really been that long? ... No, it has not been: a free-start
collision was
> found on the SHA-1 compression function in 2015, less than
> 7 years ago.
>
> As far as I know, a single collision pair ("SHAttered") has been produced,
> using about 9 months on a very large cluster, against
Daniel Colquitt via Gnupg-users wrote:
Whilst AES128 is probably okay for now, SHA1 has been broken for well over 15
years.
Has it really been that long? ... No, it has not been: a free-start
collision was found on the SHA-1 compression function in 2015, less than
7 years ago.
As far as
> On 19 Feb 2022, at 14:52, Werner Koch wrote:
>
> gpg does not encrypt private keys. This is done by gpg-agent. The
> method how the keys are protected internally are out of scope for
> OpenPGP. See gnupg/agent/keyformat.txt for the specification of the
> internal format.
Apologies for
On Fri, 18 Feb 2022 13:08, Daniel Colquitt said:
> Is the suggestion the gpg does not respect these flags when applying
> symmetric encryption to keys?
gpg does not encrypt private keys. This is done by gpg-agent. The
method how the keys are protected internally are out of scope for
OpenPGP.