Which Digest Algorithm to use?
dshaw at jabberwocky.com
Fri Mar 3 16:50:44 CET 2006
On Fri, Mar 03, 2006 at 04:04:52PM +0100, Olaf Gellert wrote:
> I do have some old PGP-2 keys (that are pretty well
> connected in the WebOfTrust). I understand that PGP2
> keys use MD5 as default hash algorithm and they do
> not contain any fields to store adapted preferences.
> But I still can use "--digest-algorithm" to create
> SHA1 or SHA256 signatures. But what are the implications
> of this? I guess GPG will successfully validate these
> signatures. PGP2 will certainly not. What about PGP 6,
> 7, 8, ...?
There is a misunderstanding here. PGP 2 keys don't use MD5 as a
default hash algorithm. They act just like any other key - they use
the prefs on the *recipient* keys, filtered through
personal-digest-prefs, and if all else fails, use SHA-1.
> Which algorithm should be used instead of MD5? Right
> now I would switch to SHA256 (because there were first
> indications of weaknesses in SHA1 already)...
There are "first indications" of weaknesses in all algorithms. If I
recall, SHA-1 even with all attacks against it, is still stronger than
MD5 was even before all the attacks against it.
> Does this makes any sense anyways because the own
> selfsignatures use MD5 which is weak. I could do
> new self-sigs with another algorithm, correct?
Yes, but then you can't use the key in PGP 2 any longer.
> What is the actual proposed way to go?
I'd just make a v4 key and move on.
More information about the Gnupg-users