diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2017-09-28 12:32:26 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-12-12 14:07:43 +0000 |
| commit | 8ede3ae29a39641a2f98ad9a4cf61ea99085a892 (patch) | |
| tree | 2f8377853775cf81fa3e5bf31020e747470ce337 /g10/getkey.c | |
| parent | Change backlog from 5 to 64 and provide option --listen-backlog. (diff) | |
| download | gnupg-8ede3ae29a39641a2f98ad9a4cf61ea99085a892.tar.gz gnupg-8ede3ae29a39641a2f98ad9a4cf61ea99085a892.zip | |
gpg: default-preference-list: prefer SHA512.
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order. When publishing
external preferences, state preference for SHA512 first.
--
SHA-512 has a wider security margin than SHA-256. It is also slightly
faster on most of the architectures on which GnuPG runs today. New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.
Specifically, this changes --default-preference-list from:
SHA256 SHA384 SHA512 SHA224
to:
SHA512 SHA384 SHA256 SHA224
This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to 'g10/getkey.c')
0 files changed, 0 insertions, 0 deletions