Fri, 14 Apr 2000 02:17:20 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 14 Apr 2000, Werner Koch wrote:
> On Thu, 13 Apr 2000, L. Sassaman wrote:
> > about 5.x violations. Show me 6.0 non-compliance issues, other than the
> > photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP
> > Inc.'s product. ;) )
> There used to be a signature subpacket with some X.509 data, the
> subpacket number was not in the private/experimenatl range and not
> specified by OpenPGP.
> > Note, also, that GnuPG does not use DSS by default. The jury is still out
> > on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It
> Hmmm? just did a simple test without any special options (gpg -s hallo):
> digest algo 2 is SHA-1, so it looks very much like DSS; I have to
> confess that the GnuPG does not use the recommended prosecure for key
Okay, I stand corrected. I must confess, I didn't test it... I just
assumed from the man page that RIPEMD160 was the default:
Use name as the digest algorithm used to mangle
the passphrases. The default algorithm is RIPE-
MD-160. This digest algorithm is also used for
conventional encryption if --digest-algo is not
... but then of course when I went back and checked it again, I realized I
had thought I was looking at "--digest-algo".
But the point is still valid to those who wish to tweak their settings for
no reason: using RIPEMD160 instead of SHA-1 with DSA keys makes them not
DSS. It is my recommendation that people use SHA-1 with DSA keys unless at
some point they are given good reason not to trust SHA-1.
System Administrator | "All of the chaos
Technology Consultant | Makes perfect sense..."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
-----END PGP SIGNATURE-----