digest preferences [was: Re: diverging from upstream defaults]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 15 01:43:01 CEST 2017

On Wed 2017-09-13 12:13:15 -0400, Robert J. Hansen wrote:
>> --default-preference-list indicates what algorithms to advertise in a
>> newly-generated key.  For most modern 64-bit computers, sha-512 is
>> faster to compute at any reasonable size, so it looks to me like the
>> published preference order should be changed to indicate a preference
>> for SHA512 by default.  People with special hardware or custom needs can
>> always edit their configuration.
> Begging pardon, but this seems like a very weak justification to me.
> SHA512 versus SHA256 timings will be significant only for people doing
> lots of signatures on extremely large files in soft-realtime
> environments.  Outside of that, really, who cares if SHA512 is a
> millisecond quicker when signing an email if you're handling under a
> thousand documents a day?

I agree that an argument about SHA512 being more performant isn't a
great one.  However, there's often an assumption that the larger
security margin an algorithm has, the more expensive it is.

In this case, the argument for stating a preference for SHA-512 is
"larger security margin *and* a (slight) reduction in cost".

There is no change in the size of messages on the wire here.

So the move to stating a preference for SHA-512 seems like win-win to

Any other feedback on this suggestion?  should i publish a change for

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170914/f5df849e/attachment-0001.sig>

More information about the Gnupg-devel mailing list