On 02/24/2011 04:03 AM, Doug Barton wrote: > On 02/23/2011 22:26, Aaron Toponce wrote: >> Given the release of v1.4.10, the SHA256 hashing algorithm is preferred >> over SHA1. Yet, after updating my default preferences with 'setpref' and >> signing some text, SHA1 is still used as the default hashing algorithm. >> Is there something else I need to do to ensure that I'm using SHA256 by >> default for the hash? > > You're using a 1024 bit DSA key, which won't allow for 256 bit hashes. > RIPEMD-160 is the largest you can use, and works well for that kind of key.
This isn't actually the case. Aaron's primary key (0x8086060F) is
indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
(0xFC04088F), which is perfectly capable of using the stronger digests.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
