GPG: Deprecated hash + local "game over" exploit
admin at pilobilus.net
Sun Jul 2 23:57:04 PDT 2017
On 07/02/2017 03:13 AM, Georgi Guninski wrote:
> On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
>> A couple of days ago Shawn pointed out offlist that my GPG installation
>> was using SHA1 when signing messages. Although seven hash functions are
>> included in GnuPG 1.4.16, SHA1 is still the default.
> It was funny when someone (likely you) signed inline with SHA1 email
> about SHA1 collisions and the choice of hash was obvious :)
I don't recall doing that, but I can't rule it out.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the cypherpunks