On 24/02/11 8:03 PM, Doug Barton wrote:
> On 02/23/2011 22:26, Aaron Toponce wrote:
>>
>> Given the release of v1.4.10, the SHA256 hashing algorithm is
>> preferred over SHA1. Yet, after updating my default preferences
>> with 'setpref' and signing some text, SHA1 is still used as the
>> default hashing algorithm. Is there something else I need to do to
>> ensure that I'm using SHA256 by default for the hash?
>
> You're using a 1024 bit DSA key, which won't allow for 256 bit
> hashes. RIPEMD-160 is the largest you can use, and works well for
> that kind of key.

Well, he can use SHA256 or SHA512, but like mine it will be truncated to
160 bits, as was explained to me on this list a couple of months ago.

As I recall, I edited the key with setpref to this:

    Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES, CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
    Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
    Compression: BZIP2, ZLIB, ZIP, Uncompressed
    Features: MDC, Keyserver no-modify

Then added this to gpg.conf:

    enable-dsa2
    default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8 H11 H3 H2 H1 Z3 Z2 Z1 Z0
    personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
    personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
    personal-compress-preferences Z3 Z2 Z1 Z0

IDEA is only included because of one or two freaks I know who still use
it. Oh and some ancient stuff I encrypted around fifteen years ago, but
have yet to convert.

Regards,
Ben

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
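
The truncation discussed in this thread, as an added example (not code from the posters or from GnuPG): it takes the digest preference line quoted above and shows, for a DSA key whose subgroup order q is 160 bits, how many bits of each hash are actually signed, using the leftmost-bits rule of RFC 4880 section 5.2.2. The function names, the q size of 160 bits for a 1024-bit DSA key and the sample message are assumptions of the example.

```python
import hashlib

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) -> (name, digest bits).
HASHES = {1: ("MD5", 128), 2: ("SHA1", 160), 3: ("RIPEMD160", 160),
          8: ("SHA256", 256), 9: ("SHA384", 384), 10: ("SHA512", 512),
          11: ("SHA224", 224)}

def parse_digest_prefs(line):
    """Turn 'personal-digest-preferences H10 H9 ...' into a list of hash IDs."""
    return [int(tok[1:]) for tok in line.split()[1:]
            if tok.upper().startswith("H")]

def dsa_hash_to_int(digest, q_bits):
    """Integer that DSA signs: the leftmost min(q_bits, digest bits) bits."""
    z = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - q_bits
    return z >> excess if excess > 0 else z

def report(prefs_line, q_bits):
    """For each preferred digest: (name, bits actually signed, truncated?)."""
    rows = []
    for hash_id in parse_digest_prefs(prefs_line):
        name, bits = HASHES[hash_id]
        rows.append((name, min(bits, q_bits), bits > q_bits))
    return rows

# Preference line as quoted in the message above.
PREFS = "personal-digest-preferences H10 H9 H8 H11 H3 H2 H1"
Q_BITS_DSA1024 = 160  # assumption: q size of a 1024-bit DSA key

if __name__ == "__main__":
    for name, used, cut in report(PREFS, Q_BITS_DSA1024):
        print(f"{name:10} signs {used:3} bits{' (truncated)' if cut else ''}")
    msg = b"constructed sample message"  # constructed input
    z = dsa_hash_to_int(hashlib.sha512(msg).digest(), Q_BITS_DSA1024)
    print(f"SHA512 input to DSA: {z.bit_length()} bits at most 160")
```

Calling report(PREFS, 256) gives the picture for a DSA2 key with a 256-bit q, where SHA256 is signed in full and only SHA384 and SHA512 are cut.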