Hash algorithm

Thread: Hash algorithm

Search this list only Search all lists
Hash algorithm
	2006-10-16 15:13:11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I understand that the hash SHA1 is no longer secure. How do I change that in PGP (v8.1)? The algorithms I have available are AES, CAST, TripleDES, and Twofish; my default until now has been AES. However, changing the default to Twofish still gives me a hash SHA1. Is there something I'm overlooking? - - -- Thanks, Rick -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRTOhg7rieAXxW2ntEQLX3ACg2zgrvQAU1g8ueWMmO3xBYAhd2GUAn235 ds4gAmqzR3TWWjdXuv9T1Whv =unQc -----END PGP SIGNATURE----- __._,_.___ Messages in this topic (1) Reply (via web post) \| Start a new topic . __,_._,___
Hash algorithm
	2006-10-17 02:03:13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Richard H. Stoddard wrote: > I understand that the hash SHA1 is no longer secure. How do I change > that in PGP (v8.1)? The algorithms I have available are AES, CAST, >; TripleDES, and Twofish; my default until now has been AES. However, > changing the default to Twofish still gives me a hash SHA1. Is there >; something I'm overlooking? PGP 8.1 understands only a few hash algorithms (SHA1, RIPEMD160, MD5, SHA256). The only believed-strong one in the group is SHA256, but PGP 8.1 will only _recognize_ SHA256 signatures; it won't actually _generate_ SHA256 signatures. The others (SHA1, RIPEMD160, MD5) are all on thin ice. While there are no major attacks against RIPEMD160 yet, most people believe that--given its structural similarities to MD5 and SHA1--it is now vulnerable to attack. However, since RIPEMD160 is a rarely-used algorithm, most people are ignoring it in order to focus on SHA1 work. If you're concerned about the hash functions in your software, your only real options are PGP 9.5 or GnuPG. I'd recommend the latter, myself; I had a terrible experience with PGP 9.0.x for the Mac a while ago. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRTQ54LcA9IL+r4EJAQrnBAgAoigRrJp3uHlpmaTrN/03FxDK9/VPpHi8 x5DVTu4WX4MZYP2SGIB6LfK190ljD2f1vpPLvqItFIvShok0YF9Q27qeO9ETA5oN OukBu9AmYIKFm/c1JIuUDu0ZBmxPP+;L8oOp8E+gDOkpV75lNn0kQmUDAwsC+G/Bx kAW4KwZbTkFtaBZ2FsktABvRG2321ZBKF7MIlcoKaUgsDaqQvbuHTVWfdaNW/qD1 RT7OLEIfk00YL07LnRrKFmYbYJxRfMJQ3;ZVfHdFrhXROItRkogDu4S/884NVRxTt lDgl32eafjHT1FQTQ/+UQ5shLta3HRcgaY5DcJXGoHsPKkbNkbCGHg== =5wu8 -----END PGP SIGNATURE----- __._,_.___ Messages in this topic (2) Reply (via web post) \| Start a new topic . __,_._,___
Hash algorithm
	2006-10-17 02:22:38

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert, Tuesday, October 17, 2006, 7:03:13 AM, you wrote: RJH> If you're concerned about the hash functions in your software, RJH> your only real options are PGP 9.5 or GnuPG. I'd recommend the RJH> latter, myself; I had a terrible experience with PGP 9.0.x for RJH> the Mac a while ago. Thanks for the response. I've decided to switch to GnuPG but still don't have it working reliably yet with The Bat. I'll then generate a stronger key. I got a response from Mica Mijatovic last night on TBUDL with details on changing preferences, so will follow your and his advice. - -- Thanks, Rick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) - WinPT 1.0.0 iD8DBQFFND5mDpWSSnADCvcRAt1uAJ90U/C8o+ZeO1OCXBHkUxX+gPMsvACfRUCk gCN2pYpQiqmS8OCw6/SDmQc= =P7KI -----END PGP SIGNATURE----- __._,_.___ Messages in this topic (3) Reply (via web post) \| Start a new topic . __,_._,___

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )