On May 2, 2009, at 3:46 PM, Allen Schultz wrote:
> On Sat, May 2, 2009 at 7:45 AM, David Shaw <ds...@jabberwocky.com> wrote:
>> The short answer is that you can only use a 160-bit hash with your default
>> DSA key. That means SHA-1 or RIPEMD/160. There is a feature you can enable
>> (--enable-dsa2) that will allow you to use a bigger hash -- but you can
>> still only use 160 bits worth of it. So if you use SHA-256, you're actually
>> only taking 160 bits worth of it and discarding the rest.
>
> I'm stuck with that smaller key until I change the subkeys, but
> a question about the two hashes. What's the difference in SHA-1
> and RIPEMD/160?

They're different algorithms that have the same hash size (160 bits).
The recent attacks against SHA-1 do not apply to RIPEMD/160, but note
that RIPEMD/160 is attacked far less than SHA-1 is.
David
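
The truncation described in this thread, as an added example that is not part of the original messages: under FIPS 186-3, DSA feeds only the leftmost min(N, outlen) bits of the hash into the signature, where N is the bit length of q (160 for the key discussed here). Function names and the sample message are constructed for illustration.

```python
# Added example (not from the original thread): leftmost-bits hash
# truncation for DSA as specified in FIPS 186-3. All names and sample
# data below are constructed for illustration.
import hashlib

def dsa_truncate(digest: bytes, q_bits: int) -> int:
    """Return z: the leftmost min(q_bits, digest bits) bits of digest, as an integer."""
    out_bits = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if out_bits > q_bits:
        z >>= out_bits - q_bits  # drop the low-order (rightmost) bits
    return z

def effective_bits(hash_name: str, q_bits: int) -> int:
    """Number of hash bits that actually reach the signature equation."""
    return min(q_bits, hashlib.new(hash_name).digest_size * 8)

def report(message: bytes, q_bits: int = 160):
    """Summarise (hash, digest bits, bits used, z) for several hashes."""
    rows = []
    for name in ("sha1", "sha256", "sha512"):
        digest = hashlib.new(name, message).digest()
        rows.append((name, len(digest) * 8,
                     effective_bits(name, q_bits),
                     dsa_truncate(digest, q_bits)))
    return rows

if __name__ == "__main__":
    msg = b"constructed sample message"
    for name, out_bits, used, z in report(msg):
        print(f"{name:7} digest={out_bits:3} bits  used={used:3} bits  z={z:040x}")

    # Overwriting only the discarded tail of a SHA-256 digest leaves z
    # unchanged: with a 160-bit q, the last 96 bits never affect the signature.
    d = hashlib.sha256(msg).digest()
    tampered_tail = d[:20] + bytes(12)
    print("tail ignored:", dsa_truncate(d, 160) == dsa_truncate(tampered_tail, 160))
```

With a 160-bit q, every hash in the report contributes exactly 160 bits, so a larger hash changes which algorithm produces those bits but not how many of them the signature binds.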