On Thu, Sep 10, 2009 at 5:08 PM, David Shaw <ds...@jabberwocky.com> wrote:

> The real headache here is (as always) the practical - what to do with
> existing keys and such. I suspect that removing SHA1 would effectively mean
> a new key type for OpenPGP (again, not a disaster - we're on our 4th key
> type today).

Ok,.. but then people would "lose" all their collected signatures on their keys and to other keys :-(

> That isn't to say there aren't differences between systems - the FreeBSD
> PRNG (which seems to have been inherited by OSX) is of a fairly different
> construction than the Linux one, which has led to some mild controversy in
> the past. Notably, the Linux one blocks if you run out of gathered entropy,
> and the FreeBSD one does not. FreeBSD /dev/random is similar to Linux's
> /dev/urandom.

So I better use Linux and not FreeBSD ;)

> I'm not exactly sure what you mean by "hash algorithm armor". RSA in
> OpenPGP does have an additional protection (usually called a "hash firewall")
> that DSA lacks. This gives some protection against hash substitution
> attacks, but it's not a major deal either way.

Yeah,.. that's the issue I meant...

> It's true that NIST's guidelines say that to truly get the maximum juice out
> of a 512-bit hash, you should use a 15360-bit key, but that doesn't mean you
> must. The overall strength of the system is the weakest point, so as long
> as that weakest point is strong enough, you're fine.

*still cannot believe that I remembered the exact number :-O *

Thanks,
Philippe.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
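The "hash firewall" mentioned above is worth seeing concretely. In RSA PKCS#1 v1.5 signatures (RFC 8017 EMSA-PKCS1-v1_5), the signed block contains a DER `DigestInfo` that names the hash algorithm by OID in front of the digest, so the verifier learns which hash the signer actually used instead of trusting whatever hash the signature packet claims; DSA signs only the bare digest value and carries no such identifier. The example below is an added, stdlib-only illustration, not GnuPG's or any library's code: it generates a deterministic toy RSA key from a fixed seed (far too small for real use, the size and the seed value are constructed here), encodes and verifies PKCS#1 v1.5 signatures, and shows that a signature made over a SHA-1 `DigestInfo` is rejected when the verifier is told to expect SHA-256, and that the embedded OID can be read back from the signature itself.

```python
"""Toy demonstration of the PKCS#1 v1.5 "hash firewall" (added example,
not GnuPG code). Key size and seed are constructed for illustration only."""
import hashlib
import random

# DigestInfo prefixes from RFC 8017 section 9.2 note 1: the DER-encoded
# hash-algorithm OID that precedes the digest inside the padded block.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin; adequate for a toy key, not for production."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def make_toy_rsa_key(bits=768, seed=2009):
    """Deterministic toy key (n, e, d). 768 bits is INSECURE; it is only large
    enough to hold a SHA-512 DigestInfo plus PKCS#1 v1.5 padding."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return p * q, e, pow(e, -1, phi)


def emsa_pkcs1_v15(hash_name, message, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(OID, H(message))."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too small for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(key, hash_name, message):
    n, _e, d = key
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(hash_name, message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def rsa_verify(key, hash_name, message, signature):
    """True only if the signature is valid AND was made with hash_name:
    a mismatched OID makes the recomputed block differ, so it fails."""
    n, e, _d = key
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v15(hash_name, message, k)


def hash_in_signature(key, signature):
    """Read back which hash the signer committed to (None if malformed).
    This is the firewall: the algorithm identifier is under the signature."""
    n, e, _d = key
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    if not em.startswith(b"\x00\x01"):
        return None
    body = em[2:]
    sep = body.find(b"\x00")
    if sep < 8 or body[:sep] != b"\xff" * sep:
        return None
    t = body[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + hashlib.new(name).digest_size:
            return name
    return None


def demo():
    key = make_toy_rsa_key()
    msg = b"constructed sample message"      # constructed input
    sig = rsa_sign(key, "sha1", msg)
    return (rsa_verify(key, "sha1", msg, sig),     # True
            rsa_verify(key, "sha256", msg, sig),   # False: OID says sha1
            hash_in_signature(key, sig))           # 'sha1'


if __name__ == "__main__":
    print(demo())
```

A DSA-style verifier has nothing comparable to `hash_in_signature`: it receives a bare digest-derived integer, so the only protection against a substituted hash algorithm is policy in the verifier (for instance GnuPG's preferences), not the signature itself. That is what the "some protection, but not a major deal" remark amounts to in practice.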