
update default-preference-list to prefer stronger supported hashes
Closed, Resolved (Public)

Description

As discussed on gnupg-devel, it seems reasonable to change the
default-preference-list so that newly-created keys advertise all the digests
GnuPG actually supports.

The attached patch should make the digests within default-preference-list be
"SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1". Note that I extended the size of
the dummy_string buffer -- for one thing, when including digests like "H10 ",
it's 4 chars per digest, not 3. So 3*15+1 doesn't guarantee that we can fit 15
items.

I'm happy to assign copyright on this patch to the FSF if that's considered
important.
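
The buffer-sizing point in the description, worked through as an added example that is not part of the ticket or of GnuPG's code: it builds preference tokens such as "H10 " with bounded writes and shows that 15 four-byte items do not fit in 3*15+1 bytes. The names `append_prefs`, `worst_case_size` and `two_digit_ids` are hypothetical, the 4*15+1 size is an assumption (the ticket does not state the patch's new size), and the hash IDs are the RFC 4880 values for the digests listed above.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4880 hash IDs for "SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1". */
static const int ticket_digests[] = { 10, 9, 8, 11, 3, 2 };

/* Constructed worst case: 15 items that all have two-digit IDs. */
static const int two_digit_ids[15] = { 10, 11, 10, 11, 10, 11, 10, 11,
                                       10, 11, 10, 11, 10, 11, 10 };

/* Bytes needed for n tokens of the form <letter><digits><space>, plus NUL. */
size_t worst_case_size(size_t n, size_t digits)
{
    return n * (1 + digits + 1) + 1;
}

/* Hypothetical helper: append tokens such as "H10 " to the NUL-terminated
   string in buf without writing past buflen. Returns the bytes used
   including the NUL, or 0 if a token did not fit (buf then keeps only the
   complete tokens written so far). */
size_t append_prefs(char *buf, size_t buflen, char kind,
                    const int *ids, size_t n)
{
    size_t used = strlen(buf);
    for (size_t i = 0; i < n; i++) {
        size_t room = buflen - used;
        int w = snprintf(buf + used, room, "%c%d ", kind, ids[i]);
        if (w < 0 || (size_t)w >= room) {
            buf[used] = '\0';          /* discard the truncated token */
            return 0;
        }
        used += (size_t)w;
    }
    return used + 1;
}

int main(void)
{
    char old_size[3 * 15 + 1] = "";    /* sizing the ticket calls too small */
    char new_size[4 * 15 + 1] = "";    /* assumed size: 4 bytes per item */
    char prefs[32] = "";

    append_prefs(prefs, sizeof prefs, 'H', ticket_digests, 6);
    printf("digest prefs: \"%s\"\n", prefs);
    printf("15 two-digit items in 3*15+1: %zu\n",
           append_prefs(old_size, sizeof old_size, 'H', two_digit_ids, 15));
    printf("15 two-digit items in 4*15+1: %zu\n",
           append_prefs(new_size, sizeof new_size, 'H', two_digit_ids, 15));
    return 0;
}
```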

Event Timeline

werner added a subscriber: werner.

Done for 2.0.13:

The default hash algo order is:

SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.

Ordering SHA-1 before SHA-384 might be viewed as a bit
strange; it is done because we expect that soon enough
SHA-3 will be available and at that point there should
be no more need for SHA-384 etc. Anyway this order is
just a default and can easily be changed by a config
option.

werner claimed this task.
werner removed projects: backport, In Progress.