On May 8, 2009, at 3:26 AM, Raimar Sandner wrote:
On Friday 08 May 2009 09:14:27 Raimar Sandner wrote:
On Friday 08 May 2009 02:09:31 David Shaw wrote:
One fear that I've seen talked about for SHA-1 is that an attacker
can
create a duplicate document such that if you signed document or
key
On Friday 08 May 2009 09:14:27 Raimar Sandner wrote:
> On Friday 08 May 2009 02:09:31 David Shaw wrote:
> > One fear that I've seen talked about for SHA-1 is that an attacker can
> > create a duplicate document such that if you signed document or key A,
> > they could come up with a document or key
On Friday 08 May 2009 02:09:31 David Shaw wrote:
> One fear that I've seen talked about for SHA-1 is that an attacker can
> create a duplicate document such that if you signed document or key A,
> they could come up with a document or key B that your signature would
> equally apply to. That fear
On May 7, 2009, at 7:17 PM, Christoph Anton Mitterer wrote:
On Tue, 2009-05-05 at 22:16 -0400, David Shaw wrote:
I'm not sure if this leads to the same discussion that we had some
time
ago on the WG-list (about explicitly revoking previous self-
sigs),...
but if a key has self-sigs with diffe
On Tue, 2009-05-05 at 22:16 -0400, David Shaw wrote:
> > I'm not sure if this leads to the same discussion that we had some
> > time
> > ago on the WG-list (about explicitly revoking previous self-sigs),...
> > but if a key has self-sigs with different hash-algos,... does this
> > "allow" downgra
On May 5, 2009, at 5:21 PM, Christoph Anton Mitterer wrote:
On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote:
Re-issuing your self-sigs is more or less harmless. The keyservers
never delete anything, so they'll end up with both the old and new.
I'm not sure if this leads to the same discu
On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote:
> I believe that's it. Fingerprints, revocation signatures (which use
> fingerprints internally), and the MDC.
> While I would start (did start, actually, a few years ago) using
> SHA-256 to certify other people's keys, I wouldn't bother r
On May 4, 2009, at 1:40 PM, Christoph Anton Mitterer wrote:
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote:
It's important to remember that this isn't a completely SHA-1 free
key, as that is not currently possible in the OpenPGP protocol, but
it
is possible to make a "use as little SHA-
On May 4, 2009, at 11:21 AM, Raimar Sandner wrote:
On Monday 04 May 2009 04:56:24 David Shaw wrote:
If you want a DSA2 key:
gpg --enable-dsa2 --gen-key
Select option 1, and enter 3072 for the DSA key size.
If you want an RSA key:
gpg --cert-digest-algo sha256 --gen-key
Select option
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote:
> It's important to remember that this isn't a completely SHA-1 free
> key, as that is not currently possible in the OpenPGP protocol, but it
> is possible to make a "use as little SHA-1 as possible key".
Is there anything else than the finge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Raimar Sandner escribió:
> On Monday 04 May 2009 04:56:24 David Shaw wrote:
>
>> If you want a DSA2 key:
>>
>>gpg --enable-dsa2 --gen-key
>>
>> Select option 1, and enter 3072 for the DSA key size.
>
>
>> If you want an RSA key:
>>
>> gpg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, May 03, 2009 at 10:56:24PM -0400, David Shaw wrote:
> [snip]
>
> The end result will be a key that does not use SHA-1 either in its
> internal construction or in signatures it makes elsewhere. Keep in mind
> that there are some clients out t
On Monday 04 May 2009 04:56:24 David Shaw wrote:
> If you want a DSA2 key:
>
>gpg --enable-dsa2 --gen-key
>
> Select option 1, and enter 3072 for the DSA key size.
> If you want an RSA key:
>
> gpg --cert-digest-algo sha256 --gen-key
>
> Select option 5. Enter a RSA key size. The defau
On May 3, 2009, at 8:17 AM, Simon Ruderich wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, May 02, 2009 at 09:45:11AM -0400, David Shaw wrote:
On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
The short answer is that you can only use a 160-bit hash with your
default DSA key. Th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, May 02, 2009 at 09:45:11AM -0400, David Shaw wrote:
> On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
>
> The short answer is that you can only use a 160-bit hash with your
> default DSA key. That means SHA-1 or RIPEMD/160. There is a featu
Allen Schultz wrote:
> I'm stuck with that smaller key until I change the subkeys, but
> a question about the two hashes. What's the difference in SHA-1
> and RIPEMD/160?
Not much. They're both 160-bit Merkle-Damgard hashes. RIPEMD160 comes
out of Europe, SHA-1 comes out of the National Security
On May 2, 2009, at 3:46 PM, Allen Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, May 2, 2009 at 7:45 AM, David Shaw
wrote:
The short answer is that you can only use a 160-bit hash with
your default
DSA key. That means SHA-1 or RIPEMD/160. There is a feature
you can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Allen Schultz escribió:
> I'm stuck with that smaller key until I change the subkeys, but
> a question about the two hashes. What's the difference in SHA-1
> and RIPEMD/160?
Take a look at: http://en.wikipedia.org/wiki/RIPEMD
Best Regards
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, May 2, 2009 at 7:45 AM, David Shaw
wrote:
> The short answer is that you can only use a 160-bit hash with
your default
> DSA key. That means SHA-1 or RIPEMD/160. There is a feature
you can enable
> (--enable-dsa2) that will allow you to use
On May 2, 2009, at 10:47 AM, Raimar Sandner wrote:
On Saturday 02 May 2009 15:45:11 David Shaw wrote:
On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
I would like to use a different hash than SHA-1. I tried setting
personal-digest-preferences SHA256 in my gpg.conf but it didn't
work. What ha
On Saturday 02 May 2009 15:45:11 David Shaw wrote:
> On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
> > I would like to use a different hash than SHA-1. I tried setting
> > personal-digest-preferences SHA256 in my gpg.conf but it didn't
> > work. What hash can I use with my key (default DSA/Elga
On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:
I would like to use a different hash than SHA-1. I tried setting
personal-digest-preferences SHA256 in my gpg.conf but it didn't
work. What hash can I use with my key (default DSA/Elgamel key)
and how?
The short answer is that you can only use
On Saturday 02 May 2009 14:11:46 John W. Moore III wrote:
> Simon Ruderich wrote:
> > I would like to use a different hash than SHA-1. I tried setting
> > personal-digest-preferences SHA256 in my gpg.conf but it didn't
> > work. What hash can I use with my key (default DSA/Elgamel key)
> > and how?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Simon Ruderich wrote:
> I would like to use a different hash than SHA-1. I tried setting
> personal-digest-preferences SHA256 in my gpg.conf but it didn't
> work. What hash can I use with my key (default DSA/Elgamel key)
> and how?
Which version of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I would like to use a different hash than SHA-1. I tried setting
personal-digest-preferences SHA256 in my gpg.conf but it didn't
work. What hash can I use with my key (default DSA/Elgamel key)
and how?
Thanks for your help,
Simon
- --
+ privacy
25 matches
Mail list logo
