From 10fed404ae000a9cd6f8d357e85202f4c884f54e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 21 Oct 2015 21:42:37 +0200
Subject: SHA1 and RIPEMD160 are not declared insecure until widely deployed

---
 .../org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
index cbd8ce47a..7ad7b4d0f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
@@ -79,8 +79,8 @@ public class PgpSecurityConstants {
      */
     private static HashSet<Integer> sHashAlgorithmsWhitelist = new HashSet<>(Arrays.asList(
             // MD5: broken
-            // SHA1: broken
-            // RIPEMD160: same security properties as SHA1
+            HashAlgorithmTags.SHA1, // TODO: disable when SHA256 is widely deployed
+            HashAlgorithmTags.RIPEMD160, // same security properties as SHA1, TODO: disable when SHA256 is widely deployed
             // DOUBLE_SHA: not used widely
             // MD2: not used widely
             // TIGER_192: not used widely
-- 
cgit v1.2.3