From b0c1a854fdd17880406aa4c29c3a97e3ff4059dc Mon Sep 17 00:00:00 2001
From: Bart Butler <bart.c.butler@gmail.com>
Date: Mon, 27 Feb 2017 10:30:39 -0800
Subject: [PATCH] move SHA1 to the bottom of the preferred hash algorithm list

---
 src/key.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/key.js b/src/key.js
index 8c2bd989..9f92ceb8 100644
--- a/src/key.js
+++ b/src/key.js
@@ -1052,10 +1052,10 @@ function wrapKeyObject(secretKeyPacket, secretSubkeyPacket, options) {
     signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.cast5);
     signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.tripledes);
     signaturePacket.preferredHashAlgorithms = [];
-    // prefer fast asm.js implementations (SHA-256, SHA-1)
+    // prefer fast asm.js implementations (SHA-256). SHA-1 will not be secure much longer...move to bottom of list
     signaturePacket.preferredHashAlgorithms.push(enums.hash.sha256);
-    signaturePacket.preferredHashAlgorithms.push(enums.hash.sha1);
     signaturePacket.preferredHashAlgorithms.push(enums.hash.sha512);
+    signaturePacket.preferredHashAlgorithms.push(enums.hash.sha1);
     signaturePacket.preferredCompressionAlgorithms = [];
     signaturePacket.preferredCompressionAlgorithms.push(enums.compression.zlib);
     signaturePacket.preferredCompressionAlgorithms.push(enums.compression.zip);