GPG: Deprecated hash + local "game over" exploit

Steve Kinney admin at
Sun Jul 2 23:57:04 PDT 2017

On 07/02/2017 03:13 AM, Georgi Guninski wrote:
> On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
>> A couple of days ago Shawn pointed out offlist that my GPG installation
>> was using SHA1 when signing messages.  Although seven hash functions are
>> included in GnuPG 1.4.16, SHA1 is still the default.
> It was funny when someone (likely you) signed inline with SHA1 email
> about SHA1 collisions and the choice of hash was obvious :)

I don't recall doing that, but I can't rule it out.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the cypherpunks mailing list