PGP: Migrating Away from SHA-1
[May. 9th, 2009|01:52 pm]
Originally published at ChrisAcheson.net. Please leave any comments there.
The SHA-1 hash that PGP and GnuPG use by default is now looking even
less secure than previously thought. It’s recommended that users begin
using SHA-2 and generate new keys to replace their 1024-bit DSA keys,
which depend on SHA-1:
If you understand the instructions in the link above, you should
probably follow them soon. If you don’t understand them, don’t worry
too much: your keys and signatures are still mostly safe for now;
they’re just not future-proof. You’ll probably want to wait until new
versions of your software are released with updated default settings,
and then generate new keys.
I’ve generated a new key for myself, which I’ve signed with the old key
and will be using from now on.
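The migration the post describes has two parts: telling GnuPG to stop preferring SHA-1, and cross-certifying a replacement key with the old one. The shell script below is an added example written for this page, not code from the post or from the linked instructions. The option names (personal-digest-preferences, cert-digest-algo, default-preference-list) are real GnuPG options; the key IDs are placeholders, and the assumption that an unset digest option falls back to SHA-1 reflects GnuPG's defaults at the time of the post.

```shell
#!/bin/sh
# Added example (not from the original post): a gpg.conf fragment that moves
# digest preferences off SHA-1, a check that flags a gpg.conf still relying on
# SHA-1, and the commands used to replace a key. Key IDs below are placeholders.

# Write the SHA-2 digest preferences to the gpg.conf given as $1.
write_sha2_prefs() {
  cat > "$1" <<'EOF'
# Hash used when signing data and when certifying other people's keys.
personal-digest-preferences SHA256
cert-digest-algo SHA256
# Preferences advertised on newly generated keys: SHA-2 first, no SHA-1.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
EOF
}

# Return 0 (true) if the gpg.conf given as $1 still leads to SHA-1 signatures:
# either an option names SHA1 explicitly, or neither digest option is set and
# the SHA-1 default (assumed, per GnuPG of 2009) stays in force. Otherwise 1.
sha1_in_use() {
  conf="$1"
  if grep -Eiq '^[[:space:]]*(personal-digest-preferences|cert-digest-algo)[[:space:]]+SHA1([[:space:]]|$)' "$conf"; then
    return 0
  fi
  if ! grep -Eiq '^[[:space:]]*(personal-digest-preferences|cert-digest-algo)[[:space:]]' "$conf"; then
    return 0
  fi
  return 1
}

# Interactive key replacement, run by hand once the config above is in place:
# $1 = ID of the old (DSA/SHA-1) key, $2 = ID of the freshly generated key.
# Generate the new key first with: gpg --gen-key   (choose RSA, not DSA)
migrate_key() {
  old="$1"; new="$2"
  gpg --default-key "$old" --sign-key "$new"   # old key certifies the new one
  gpg --armor --export "$new" > new-key.asc    # publish the cross-signed key
}
```

The check is deliberately strict: a config with no digest settings at all counts as "SHA-1 in use", because silence selects the old default rather than SHA-2. Run it against your own gpg.conf before generating the replacement key, so the new key's self-signatures and your certification of it are made with SHA-256 rather than SHA-1.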