[tor-bugs] #9811 [Tor Sysadmin Team]: use sha256 or sha512 instead of sha1 for deb.torproject.org

Tue Sep 24 00:01:32 UTC 2013

#9811: use sha256 or sha512 instead of sha1 for deb.torproject.org
-------------------------------+------------------------
 Reporter:  proper             |          Owner:  weasel
     Type:  defect             |         Status:  new
 Priority:  normal             |      Milestone:
Component:  Tor Sysadmin Team  |        Version:
 Keywords:                     |  Actual Points:
Parent ID:  #1869              |         Points:
-------------------------------+------------------------
 For example
 http://deb.torproject.org/torproject.org/dists/tor-0.2.4.x-jessie/InRelease
 currently uses Hash: SHA1. Please use a stronger hash, such as sha256 or
 sha512.

 I believe, if you add

 {{{
 personal-digest-preferences SHA512
 cert-digest-algo SHA512
 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
 CAST5 ZLIB BZIP2 ZIP Uncompressed
 }}}

 to ~/.gnupg/gpg.conf that should do the trick.

 Otherwise try "gpg --edit-key your at mail", setpref, SHA512 SHA384 SHA256
 SHA224 AES256 AES192 AES CAST5 ZLIB, save.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9811>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online