On Fri, 1 May 2009 05:58, a...@smasher.org said: > so... when is the open-pgp spec moving beyond SHA1 hashes to identify > public keys? what's next? will it have to be a bigger hash?
OpenPGP does not claim that the fingerprint is a unique way to identify a key. Also note that the results are about collision attacks and not about second preimage attacks. Thus the whole thing basically boils down to the concept of non-repudiation; something which is very hard to achieve anyway. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
