On Fri, 19 Mar 2021 09:40, Kevin J. McCarthy said:

> The TLS Cert prompts show SHA256 and SHA-1 hashes now. I don't think
> there are any places we default to SHA-1 only, but if I missed
> something please someone reply.

OpenPGP requires SHA-1 for the fingerprint. The WG will eventually come up with a v6 key format using a SHA256 fingerprint, but even though GnuPG supports this, it will take, say, 5 years before v5 keys are widely enough supported. And even then v4 keys will still need support.

The use of SHA-1 for fingerprinting in the OpenPGP context is currently, and for the next years, not a weakness from a cryptographic point of view.

gpg does not create signatures using SHA-1 anymore, but for reading and verifying old messages, the support for SHA-1 is required (here for the micalg parameter of PGP/MIME).

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
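
An added example, not part of the message above and not GnuPG code: how a v4 OpenPGP fingerprint is derived with SHA-1 as specified in RFC 4880, section 12.2. The key material is constructed (the modulus is not a real RSA key), and the helper names `mpi`, `sample_rsa_body`, `v4_fingerprint` and `key_id` are hypothetical.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def sample_rsa_body(created: int = 1616143200) -> bytes:
    """Constructed v4 public-key packet body: version, creation time, algorithm, MPIs."""
    n = (1 << 2047) | 1          # constructed 2048-bit stand-in, not a real modulus
    e = 65537
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-octet body length, and the public-key packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("body too long for the 2-octet length field")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 64 bits of the v4 fingerprint."""
    return fingerprint[-16:]


if __name__ == "__main__":
    fpr = v4_fingerprint(sample_rsa_body())
    print("fingerprint:", fpr)
    print("key id:     ", key_id(fpr))
    # The creation time is part of the hashed data, so the same key material
    # with a different timestamp yields a different fingerprint.
    print("other time: ", v4_fingerprint(sample_rsa_body(created=1616143201)))
```

The hash algorithm is fixed by the key version rather than negotiated, which is why a v4 key cannot be given a SHA256 fingerprint without a new key format.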