On 12/12/2010 2:10 AM, David Tomaschik wrote: > In my gpg.conf, I have (other than keyserver/no-greeting/etc. settings): > personal-digest-preferences SHA512 > cert-digest-algo SHA512 > > Are there any other settings (or changes to these) that would be > considered more "forward looking"?
personal-digest-prefs is probably a bit off. For instance, if for any reason SHA512 is unavailable it will degrade to SHA-1, which you probably don't want. It's generally best to include all the algorithms you'll accept, in whatever order you like. E.g.: personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 This way you have a natural degradation in hash preferences: rather than immediately degrading to SHA-1, it gives you more options to keep on using strong hashes. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
