Weaknesses in SHA-1, gnupg dev versions

David Shaw dshaw at jabberwocky.com
Mon Sep 27 01:52:09 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 22, 2004 at 06:47:27PM -0400, Atom 'Smasher' wrote:
> On Wed, 22 Sep 2004, Thomas Schorpp wrote:
> 
> > i would like sha512 too for better protection of my passphrase(?). 
> > sorry, i can't afford helping implement crypto-algorithms in gnupg.
> ===============
> 
> it may or may not be any better.
> 
> --s2k-digest-algo
> 
> of course that will work with almost any hash other than SHA-512 ;)
> 
> hhmmm... just noticed the (1.2.4) man page on that:
> 
>         --s2k-digest-algo name
>  	Use name as the digest algorithm used to mangle the passphrases.
>  	The default algorithm is SHA-1.  This digest algorithm is also
>  	used for conventional encryption if --digest-algo is not given.
> 
> i'm not sure what that last sentence means here, but it's not in the 1.3.6 
> man page.

It means that in 1.2.x, --digest-algo is used for passphrase
mangling when using --symmetric, but --s2k-digest-algo is used for
other passphrase mangling.  In 1.3.x, --s2k-digest-algo is used for
all passphrase mangling.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90-cvs (GNU/Linux)

iGoEARECACoFAkFXVikjGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8nsBACfejHYdgA1pr7KZ3ZZ7f+4WFLEb/UAoM2YHpPYObyL
kGopYY4m0pMDwtVf
=D+I2
-----END PGP SIGNATURE-----


