Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Feb 24 16:32:11 CET 2011
On 02/24/2011 04:03 AM, Doug Barton wrote:
> On 02/23/2011 22:26, Aaron Toponce wrote:
>> Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
>> over SHA1. Yet, after updating my default preferences with 'setpref' and
>> signing some text, SHA1 is still used as the default hashing algorithm.
>> Is there something else I need to do to ensure that I'm using SHA256 by
>> default for the hash?
> You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> RIPEMD-160 is the largest you can use, and works well for that kind of key.
This isn't actually the case. Aaron's primary key (0x8086060F) is
indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
(0xFC04088F), which is perfectly capable of using the stronger digests.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users