> On 25 Jan 2017, at 08:52, Werner Koch <w...@gnupg.org> wrote: > > On Wed, 25 Jan 2017 01:05, si...@web.de said: > >> not sure this is the perfect place, but I wanted to point out that the >> gnupg.org website still uses sha1 as a mac. > > Despite that SHA-1 is not yet broken they now even claims that HMAC-SHA1 > is broken? I do not even known a theoretical attack on HMAC-MD5
Browsers are not deprecating HMAC-SHA-1, but the use of SHA-1 in certificate signature generation. These are not the same thing. gnupg.org's own cert uses SHA-256 and it's intermediate uses SHA-364. Nothing to see here, move along. :-) Andrew. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
