-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alphax (Wikipedia email) wrote:
I find it interesting that you're advocating
moving away from MD5 in a
situation where the known collision weaknesses aren't relevant, yet you
personally are still using SHA1 (which was broken about two years ago)
in a situation which *is* susceptible to collision -
First of all, SHA1 is not *broken*: although cryptographers have
discovered ways to force collisions at a rate lower than brute-force,
the attack is still not practical. Furthermore, in a message signing
context, you would need to trick me into signing a doctored message,
which would be pretty much impossible as I almost always only use GPG to
sign plaintext.
Furthermore, I'm currently using a DES signature, which uses 160 bits
and thus does not support SHA-256. I could use RSA, but then encryption
would be out of question.
What you SHOULD be asking is why I'm using an old version of GnuPG (the
current version is 1.4.6).
and your signature
didn't verify on that message (<ep65i0$496$1(a)sea.gmane.org>)g>).
Don't know why, my archived copy gives similar results. Maybe
Thunderbird did something to it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFFuCjIqTO+fYacSNoRAvupAJsG/2NA+AqdAgcj0YdmkjoAx1UezgCeNPVq
FgrpUFydo2NL18SMVoCH7+8=
=kaJr
-----END PGP SIGNATURE-----