> - When creating a new key,.. it uses the entropy, right? So is there > some way to improve this entropy? Perhaps not using Linux but instead > OpenBSD which might have a better PRNG (don't know if this is actually > the case ;) ) or use a specific Linux kernel version where a newer and > better PRNG was added?
Not really. If there were good reasons to believe OpenBSD's entropy collector was better than Linux's, the Linux crew would fix the code, maybe even borrowing OpenBSD's entropy collector. > -Currently the default (and I assume suggested) algorithm is RSA, > right? How does DSA2 compare with it? Arguing whether RSA or DSA2 is better is kind of like arguing whether King Kong or Godzilla is better at stomping cities flat. > I once read, that RSA would > provide a hash algorithm armor which the DSA's wouldn't have. Is this > still true? Yes. No. Not really. Kind of. RSA gives you a lot of freedom, yes. You could put SHA512 on an RSA-3 (as in "three bits of key") signature and it won't bat an eyelash. It's _stupid_, but it won't bat an eyelash. So, sure. RSA gives you more freedom with hashes than DSA2, but that's not necessarily a good thing. > should lead to about the same "strenght"... Beware of those numbers. I don't know anyone who takes them seriously. They are conjecture and speculation. Educated conjecture and speculation, sure: some of the brightest minds out there worked on the conjecture and speculation -- but they're still conjecture and speculation. That said, there's nothing wrong with using those numbers as long as you remember that they're conjecture. > So we have 512/256 bits for the later two,.. but per default much less > for the asymmetric... Does this mean, that the other two are overkill > for what we use in gpg? Probably. But it isn't as if it matters much. > - When creating new keys (I'd like to "convince" some more friends to > take part :) )... should they create their keys with gpg1 or gpg2? Or > is the key generation equally secure? If memory serves, the key generation code is identical between the 1.4 and 2.0 branches. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
