GPG: Deprecated hash + local "game over" exploit

Georgi Guninski guninski at
Sun Jul 2 00:13:04 PDT 2017

On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
> A couple of days ago Shawn pointed out offlist that my GPG installation
> was using SHA1 when signing messages.  Although seven hash functions are
> included in GnuPG 1.4.16, SHA1 is still the default.
It was funny when someone (likely you) signed inline with SHA1 email
about SHA1 collisions and the choice of hash was obvious :)

More information about the cypherpunks mailing list