-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >The general point remains, though, that if you believe SHA-1 is insecure then you need to stop using OpenPGP.
Well, Yes, and No. ;-) SHA1 is hardwired into the fingerprint of v4 keys. An open pgp consensus on a v5 key will not happen overnight. So when is it reasonable enough to suggest that SHA1 is broken enough to start working on a v5 key? vedaal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (MingW32) Comment: Acts of Kindness better the World, and protect the Soul Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJP/QPlAAoJEFBvT6HTX7GGwUgQAI3eHOQ9eNxuuXM6yzdB9jm0 BoE8bGXu9TyVlRFqUEieVjzmHYisxlsipto5YLfxyYHNqpPIz7ZTbUrWA1pXDqNe pNZnxz6uRIW2qCof09D4jxdev7n4FzjZ0ugWY5wbb9alkJlqp59UTku+Oa+V47V6 yf4pl3CW2YSN1sB0roX4GY2K/UWa2I3cbllOIUFvBjXhWcm+b7qSmWkaY5O5yzrC zqh53KqSekcaQch+NVJibs71kTK1O5iOX9H4Oa69VCkhJXtaex6ZUSfwIrSv+vVl iJ6qH6LBYqF4hMg3QgkE/p2MEey4vOzBmOAp7CkL0IuZingFzIHu7mPIgc2wgxDz UvwK68hT7kZkRt501rELT4OwLJhIx9xth7DC/Rj1dhyGpZWZiGVgu1MRvziCIcrk di/yhTNQrcJGJCVf8oWH3tPkedaUNRBaksZNcNhbe5Gyes/rBBDPmmlmTR9AMcyG +Bl7nf3jfOM7UsVXOcyqEXDiuYpInmrbkkk2BRv8PxmvfI0Y3qW2Zk3RVNY7ZNb/ 8sSOVGD+BTmygUlYS07mwY1q3aWpBdBFTSEKa5pU/w3ZZtSPARj9+SfTLNLjeTLm UgTthE3SqHTMrJtWCsGmvGTR73PYcthQXqvJkCUTHA/mYtEOTkG7eKfiXyJytMz8 QeUvM1NtSkDT6ypGGmRn =+ApG -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
