I’ve been moving away from using gmail recently, so I signed up for a hosted email provider and setup my new IMAP account in thunderbird along with the enigmail extension. I noticed after sending a few emails that enigmail defaults to using SHA-1 for hashing messages. That may be “good enough” for my uses, but I’d still like to use a stronger hashing function. I tried changing that in enigmail, only to find that the option is nowhere to be found. There is a way to force enigmail to use a stronger hash, but you have to edit your prefs.js file.

Close thunderbird, then add the following:

user_pref("extensions.enigmail.mimeHashAlgorithm", 3);

The enigmail documentation says the evailable options are:

  1. let GnuPG choose
  2. SHA-1
  3. RIPEMD160
  4. SHA256
  5. SHA384
  6. SHA512
  7. SHA224

It’s set to option 0 by default, but GnuPG picks SHA-1 for compatibility reasons. I opted for option 3: SHA256. Keep in mind that there’s probably some old software that will not be able to handle SHA256 floating around out there. Enigmail properly detected the SHA256 hash when I sent myself an email, so I decided to go with that.