> Does using SHA1 in past make my key less secure or does this only make
> the signed message more prone to collision instead of key leak?
Definitely no to the first, and probably not to the second. SHA-1 is
weak in a theoretical sense, but we're nowhere near seeing preimage
attacks on it, which
> On 1 Jul 2016, at 19:40, Andrew Gallagher wrote:
> If you are sufficiently worried, you can revoke the subkey (thus revoking
> this signature) and generate a new one.
s/worried/paranoid/
A
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http:
> On 1 Jul 2016, at 17:45, Cannon wrote:
>
> I accidentally messed up. Used the wrong gpg.conf when generating a
> signature on a message. The incorrect config was used causing my message
> to be signed using SHA1 instead of SHA512. I did not realize this until
> after message was already irreve
On Fri, 1 Jul 2016 01:58, w...@wolfsden.cz said:
> the building/signing is done in fakeroot environment. Therefore the
> socket path default to ~/.gnupg/S.gnu-agent. Because (at least it seems
> to me) in fakeroot I am root (0) and therefore don't own /run/user/1000
That is a very special case I
