On Sat, May 02, 2009 at 09:45:11AM -0400, David Shaw wrote:
> On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
>
> The short answer is that you can only use a 160-bit hash with your
> default DSA key. That means SHA-1 or RIPEMD/160. There is a feature you
> can enable (--enable-dsa2) that will allow you to use a bigger hash -- but
> you can still only use 160 bits worth of it. So if you use SHA-256,
> you're actually only taking 160 bits worth of it and discarding the rest.
>
> To truly use all of a larger hash, you need to either use an RSA key or a
> large (not default) DSA key (i.e. generated with --enable-dsa2 switched
> on, and a larger size than 1024 bits selected).
>
> David

Hi,

Thanks for your reply.

As it looks like SHA-1 is not so secure anymore, I want to switch to
something stronger, e.g. SHA-256. What is the best way (for a normal user
like me) to do this? The solution should be as compatible as possible (I
think I read --enable-dsa2 doesn't work with some clients).

I often read I should stick with the defaults, but as SHA-1 has its
problems I would prefer a "better" hash; and this doesn't seem to work
with the defaults.

Thanks,
Simon
--
+ privacy is necessary
+ using http://gnupg.org
+ public key id: 0x6115F804EFB33229
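The truncation described in the quoted reply, as an added example that is not part of the original thread: it shows how many bits of a digest a DSA key with a q of a given size can consume, and that the discarded bits have no influence on the value that gets signed. It assumes the FIPS 186-3 rule of keeping the leftmost bits; the function names and the sample message are constructed for illustration.

```python
import hashlib

def bits_used(hash_name: str, q_bits: int) -> int:
    """Bits of the digest that actually enter a DSA signature."""
    return min(hashlib.new(hash_name).digest_size * 8, q_bits)

def dsa_hash_to_int(digest: bytes, q_bits: int) -> int:
    """Keep the leftmost min(q_bits, digest length) bits, as an integer."""
    h_bits = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if h_bits > q_bits:
        z >>= h_bits - q_bits  # the rightmost bits are discarded
    return z

def tail_matters(digest: bytes, q_bits: int) -> bool:
    """True if changing the last bit of the digest changes the signed value."""
    flipped = digest[:-1] + bytes([digest[-1] ^ 0x01])
    return dsa_hash_to_int(digest, q_bits) != dsa_hash_to_int(flipped, q_bits)

MESSAGE = b"constructed sample message"  # sample input, not from the thread

def report():
    """One row per (q size, hash): bits consumed and whether the tail counts."""
    rows = []
    for q_bits in (160, 224, 256):       # 160 is the default 1024-bit DSA key
        for name in ("sha1", "sha256", "sha512"):
            digest = hashlib.new(name, MESSAGE).digest()
            rows.append((q_bits, name, bits_used(name, q_bits),
                         tail_matters(digest, q_bits)))
    return rows

if __name__ == "__main__":
    for q_bits, name, used, tail in report():
        print(f"q={q_bits:3d} bits  {name:6s}  uses {used:3d} bits  "
              f"last digest bit signed: {tail}")
```

With a 160-bit q, SHA-256 and SHA-512 both contribute 160 bits and their trailing bits are not signed; SHA-256 is used in full only once q reaches 256 bits.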