Thu, 13 Apr 2000 15:15:45 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 13 Apr 2000, L. Sassaman wrote:
> Note, also, that GnuPG does not use DSS by default. The jury is still out
> on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It
> could be just as secure, but "could be's" are not usually something you
> want to mess with in cryptography.
And I meant to continue and say that PGP doesn't recognise signatures made
with DSA that don't comply with DSS. Thus, you can use RIPEMD160 with RSA,
but if used with DSA (the default in GnuPG) it will result in a "BAD
SIG" warning if verified with PGP.
System Administrator | "All of the chaos
Technology Consultant | Makes perfect sense..."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----