GPG: Deprecated hash + local "game over" exploit
Georgi Guninski
guninski at guninski.com
Sun Jul 2 00:13:04 PDT 2017
On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
> A couple of days ago Shawn pointed out offlist that my GPG installation
> was using SHA1 when signing messages. Although seven hash functions are
> included in GnuPG 1.4.16, SHA1 is still the default.
>
It was funny when someone (likely you) signed inline with SHA1 email
about SHA1 collisions and the choice of hash was obvious :)
More information about the cypherpunks
mailing list