On Fri, Apr 5, 2013 at 2:32 AM, Laurens Van Houtven <_...@lvh.cc> wrote:
> DSA, by default, used SHA-1; recent revisions support SHA-2. A few years
> ago, GnuPG and several big users including Debian and Apache started
> suggesting the move to RSA instead of DSA keys. The algorithms vary a bit
> in speed and signature size, but the main reason was to allow newer hash
> functions.
>
> That said, I'm pretty sure GPG uses a newer revision of DSA: when I left
> the defaults untouched near the end of 2012, it still seemed to prefer
> DSA/ElGamal despite the news from a few years ago. IIRC, the first version
> of the algorithm only allowed 1024 bit keys, whereas my DSA key is 3072.
>

DSA keys larger than 1024 bit(?) are "non-standard", but I think the bigger issue is that DSA only supports 160-bit hashes; larger hashes will be truncated, which means you don't gain much by using SHA-256/SHA-512/etc. instead of SHA-1. DSA2 can handle larger hashes, but there's no real reason to use DSA2 when RSA is so widespread. I think this is the reason the defaults are changing (were changed?) in GnuPG. I guess this is drifting off-topic though...

> Here's how you check what you support and in which preference:
>

Thanks, much more useful than my vague speculation about defaults ;)

-- 
mithrandi, i Ainil en-Balandor, a faer Ambar
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
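The truncation mentioned in the reply above, as an added example that is not part of the original thread: under the FIPS 186-3 rule, DSA signs only the leftmost min(N, outlen) bits of the digest, where N is the bit length of q. The function names and the toy group (p=607, q=101, g=64) are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group for illustration only (assumption, not from the thread):
# q is prime, q divides p - 1, and g = 2^((p-1)/q) mod p has order q.
P, Q, G = 607, 101, 64

def dsa_hash_input(message: bytes, hash_name: str, q_bits: int) -> int:
    """Integer z that DSA signs: leftmost min(q_bits, outlen) bits of the digest."""
    digest = hashlib.new(hash_name, message).digest()
    outlen = len(digest) * 8
    z = int.from_bytes(digest, "big")
    return z >> (outlen - q_bits) if outlen > q_bits else z

def sign(x: int, message: bytes, hash_name: str = "sha256"):
    """Textbook DSA signature over the truncated digest, private key x."""
    z = dsa_hash_input(message, hash_name, Q.bit_length())
    while True:
        k = secrets.randbelow(Q - 1) + 1   # fresh per-signature nonce in [1, q-1]
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (z + x * r) % Q
        if r and s:                        # retry on the degenerate r = 0 or s = 0
            return r, s

def verify(y: int, message: bytes, sig, hash_name: str = "sha256") -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):      # range check required before inversion
        return False
    z = dsa_hash_input(message, hash_name, Q.bit_length())
    w = pow(s, -1, Q)
    v = pow(G, z * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

if __name__ == "__main__":
    msg = b"constructed sample message"
    for name, bits in (("sha1", 160), ("sha256", 160), ("sha512", 160), ("sha256", 256)):
        print(name, "with", bits, "bit q ->", dsa_hash_input(msg, name, bits).bit_length(), "bits signed")
    x = 57; y = pow(G, x, P)               # constructed key pair
    print("toy signature verifies:", verify(y, msg, sign(x, msg)))
```
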