SHA-256, 384 or 512 for Thunderbird’s Enigmail

My favorite GPG/PGP Thunderbird Plugin uses SHA1 hashes per default. I’ve tried to change it but found no easy way using the menu options. Thanks to Scuba Instructor for telling us how to change it:

SHA-1 is the default hash algorithm for Thunderbird’s Enigmail. As it looks like SHA-1 isn’t secure anymore you should use at least SHA-256 which might be the future strandard algorithm. Here is what you need to do:

Start Thunderbird, click Edit -> Preferences. Go to the Config Editor. Locate extensions.enigmail.mimeHashAlgorithm. Set the value to 3, 4 or 5. Default is 0 which means SHA-1. If you set it to 3 Enigmail will use SHA-256, 4 means SHA-384 and 5 SHA-512. If you set the value to 2 Enigmail will use RIPEMD-160. Not a bad choice either.


— Update Jun 13, 2014

Newer Versions of Enigmail seem to have issues by signing / encrypting Umlaute (German for Characters like äüö). As a workaround, just configure outgoing emails to UTF-8 instead ISO-8859-1. To do so:

  • Open Thunderbird Settings
  • Go to Tab “Display” -> “Formatting”
  • click on “Advanced” at Fonts
  • change “outgoing mail” to UTF-8 encoding

This should help.