On Sunday 20 February 2022 09:30:36, Daniel Colquitt via Gnupg-users wrote:
> I agree with you, and Robert Hansen above, insofar as there is no practical
> weakness in using SHA-1 as part of a key derivation algorithm.

(for protecting exported private keys)

> Nevertheless it does seem imprudent to use a formally broken hash function
> by default, whilst silently ignoring options that users would reasonably
> expect to change the algorithms used.

The point, as I understand it, is compatibility. Exporting and importing
a private OpenPGP key is expected to work for many implementations
and over several software revisions and years. So adhering to a standard
(OpenPGP in this case) seems a good choice.

You can use additional protection layers, as Werner suggested.
This seems also reasonable from a usability point of view, as
exporting, transferring and importing of private OpenPGP keys is a rare process.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users