GPG: Deprecated hash + local "game over" exploit
Steve Kinney
admin at pilobilus.net
Sun Jul 2 23:57:04 PDT 2017
On 07/02/2017 03:13 AM, Georgi Guninski wrote:
> On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
>> A couple of days ago Shawn pointed out offlist that my GPG installation
>> was using SHA1 when signing messages. Although seven hash functions are
>> included in GnuPG 1.4.16, SHA1 is still the default.
>>
> It was funny when someone (likely you) signed inline with SHA1 email
> about SHA1 collisions and the choice of hash was obvious :)
I don't recall doing that, but I can't rule it out.
:o)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20170703/81708331/attachment-0002.sig>
More information about the cypherpunks
mailing list