On 23.02.2017 at 19:48, Peter Lebbing wrote:
> On 23/02/17 19:24, si...@web.de wrote:
>> After researching how the fingerprint is generated, I think it would
>> be easy to include a new option in gnupg to print a fingerprint using
>> sha256. Would that be something that will/can be included in future
>> versions of gnupg?
>
> It wouldn't help because of all the places SHA-1 is used internally if
> you just change how it is displayed to the user. Disclaimer: I'm not a
> developer, but this is my understanding of it. I can't say for sure.
>

I would rather see this as a means to manually check the key to enable users to 
potentially discover fake keys.
Since I did not find a simple way to generate the fingerprint and identifying 
the key contents to be hashed seems really tricky, putting an additional option 
in gnupg to generate a longer fingerprint seems like the easiest solution.

Having an option like --fingerprint <sha256/sha512/sha3-256/whirlpool/...> 
would allow users to use any hash they want until a new openpgp standard is 
published. This is not something that needs to be used by default, just 
something that can be used by those who look for it.

After looking into second-preimage attacks, the issue does not seem to be that 
critical though. Still, it would be a nice feature, and if I did not 
misunderstand how the fingerprint is generated, it could be implemented by 
adding very little code.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
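
For readers following the thread, an added example (not from either poster and not GnuPG code): RFC 4880 section 12.2 defines the v4 fingerprint as SHA-1 over the octet 0x99, a two-octet length and the body of the public-key packet, so the sketch below finds that packet in binary `gpg --export` output and hashes the same framed bytes with a selectable digest. The function names and the sample key body are constructed for illustration, and a non-SHA-1 digest computed this way is a private check value that no OpenPGP implementation will recognise as a fingerprint.

```python
import hashlib
import struct

def first_public_key_body(data: bytes) -> bytes:
    """Body of the first Public-Key packet (tag 6) in binary `gpg --export` output."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            size = 1 << ltype                   # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        if tag == 6:
            return body
        pos += length
    raise ValueError("no public-key packet found")

def fingerprint(body: bytes, algo: str = "sha1") -> str:
    """Digest over 0x99 || two-octet length || packet body (the v4 framing)."""
    if body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.new(algo, framed).hexdigest().upper()

def mpi(n: int) -> bytes:
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample, not a real key: v4, creation time, RSA (algo 1), toy n and e.
SAMPLE_BODY = b"\x04" + struct.pack(">I", 1487875680) + b"\x01" + mpi(0xC0FFEE0123456789) + mpi(65537)

if __name__ == "__main__":
    for algo in ("sha1", "sha256", "sha512"):
        print(algo, fingerprint(SAMPLE_BODY, algo))
```

With `algo="sha1"` and a real exported v4 key, the result should match what `gpg --fingerprint` prints for the primary key.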
