On Fri 2017-02-24 12:37:34 -0500, Phil Pennock wrote:
> There are various claims going around about how GnuPG should be
> disabling SHA1 now;
[ ... ]
To be fair, we should have been *deprecating* SHA1 many years ago (since
Wang et al in 2005). we're late. if we'd been deprecating it for years
There are various claims going around about how GnuPG should be
disabling SHA1 now; the competent cryptographers I know are pointing out
that a collision is not a second pre-image, don't panic and cargo-cult
(but also yes it's time and past time to be making sure we have a clear
path away). I'm no
