Diffusion GnuPG 8ede3ae29a39

gpg: default-preference-list: prefer SHA512.

Description

* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

SHA-512 has a wider security margin than SHA-256. It is also slightly
faster on most of the architectures on which GnuPG runs today. New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

SHA256 SHA384 SHA512 SHA224

to:

SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
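To check which digest order an existing key publishes, the following added example (not part of the commit or of GnuPG's code) parses a compact preference string and compares it with the old and new defaults quoted above. It assumes the `S…/H…/Z…` format printed by the `pref` command of `gpg --edit-key`; the function names are hypothetical and the sample lines are constructed.

```python
# Hash algorithm IDs as assigned in RFC 4880, section 9.4.
HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160",
            8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}

# The two orders quoted in the commit message.
OLD_DEFAULT = ["SHA256", "SHA384", "SHA512", "SHA224"]
NEW_DEFAULT = ["SHA512", "SHA384", "SHA256", "SHA224"]

# Constructed sample lines in the compact "pref" format (assumed format).
OLD_SAMPLE = "S9 S8 S7 S2 H8 H9 H10 H11 H2 Z2 Z3 Z1 [mdc] [no-ks-modify]"
NEW_SAMPLE = "S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1 [mdc] [no-ks-modify]"


def digest_prefs(pref_line):
    """Return the digest names, in published order, from a compact pref line."""
    names = []
    for tok in pref_line.split():
        # Digest entries are "H<id>"; S = cipher, Z = compression, [..] = flags.
        if tok.startswith("H") and tok[1:].isdigit():
            algo_id = int(tok[1:])
            names.append(HASH_IDS.get(algo_id, "H%d" % algo_id))
    return names


def classify(pref_line):
    """Label a key's digest order as 'new', 'old' or 'custom'.

    Only the four SHA-2 digests named in the commit message are compared;
    other entries (such as a trailing SHA1) are ignored.
    """
    sha2_order = [d for d in digest_prefs(pref_line) if d in NEW_DEFAULT]
    if sha2_order == NEW_DEFAULT:
        return "new"
    if sha2_order == OLD_DEFAULT:
        return "old"
    return "custom"


if __name__ == "__main__":
    for line in (OLD_SAMPLE, NEW_SAMPLE, "S9 S8 H2 H8 Z1"):
        print(classify(line), digest_prefs(line))
```

Keys labelled "old" were most likely generated with the earlier default; the label says nothing about which digest the key owner uses for their own signatures, since this commit leaves --personal-digest-preferences untouched.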

Details

Provenance
dkg authored on Sep 28 2017, 2:32 PM
werner committed on Dec 12 2017, 3:07 PM
Parents
rGc81a447190d2: Change backlog from 5 to 64 and provide option --listen-backlog.