Compatibility
L. Sassaman
rabbi@quickie.net
Fri, 14 Apr 2000 02:17:20 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 14 Apr 2000, Werner Koch wrote:
> On Thu, 13 Apr 2000, L. Sassaman wrote:
>
> > about 5.x violations. Show me 6.0 non-compliance issues, other than the
> > photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP
> > Inc.'s product. ;) )
>
> There used to be a signature subpacket with some X.509 data, the
> subpacket number was not in the private/experimental range and not
> specified by OpenPGP.
>
> > Note, also, that GnuPG does not use DSS by default. The jury is still out
> > on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It
>
> Hmmm? just did a simple test without any special options (gpg -s hallo):
[snip example]
> digest algo 2 is SHA-1, so it looks very much like DSS; I have to
> confess that the GnuPG does not use the recommended procedure for key
> generation.
Okay, I stand corrected. I must confess, I didn't test it... I just
assumed from the man page that RIPEMD160 was the default:
    --s2k-digest-algo name
        Use name as the digest algorithm used to mangle
        the passphrases. The default algorithm is RIPE-
        MD-160. This digest algorithm is also used for
        conventional encryption if --digest-algo is not
        given.
... but then of course when I went back and checked it again, I realized I
had thought I was looking at "--digest-algo".
Oops.
But the point is still valid to those who wish to tweak their settings for
no reason: using RIPEMD160 instead of SHA-1 with DSA keys makes them not
DSS. It is my recommendation that people use SHA-1 with DSA keys unless at
some point they are given good reason not to trust SHA-1.
- --Len.
__
L. Sassaman
System Administrator | "All of the chaos
Technology Consultant | Makes perfect sense..."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE49uInPYrxsgmsCmoRAvWdAKDfBESlEhsmmgRozlpE/E6G1JUl6ACghNPo
0zBFAPBxhK2LNtX2XIyAzCs=
=qeSv
-----END PGP SIGNATURE-----
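
The check discussed in the message above (digest algo 2 is SHA-1, and DSA with any other digest is not DSS) can be made directly on a signature packet. This is an added example, not part of the original message or of GnuPG; it assumes the RFC 2440 packet layout, and the sample packets are constructed (dummy key ID and timestamp, signature MPIs omitted).

```python
# Added example (not from the original message). Layout follows RFC 2440.
DSA, SHA1, RIPEMD160 = 17, 2, 3        # OpenPGP algorithm IDs

def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                      # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        else:
            raise ValueError("length form not handled in this example")
    else:                               # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        nbytes = 1 << ltype
        start = 1 + nbytes
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def signature_algos(data):
    """Return (pubkey_algo, hash_algo) of a v3 or v4 signature packet."""
    tag, body = packet_body(data)
    if tag != 2:
        raise ValueError("not a signature packet")
    if len(body) >= 19 and body[0] == 3 and body[1] == 5:
        return body[15], body[16]       # v3: after type, time(4), key ID(8)
    if len(body) >= 6 and body[0] == 4:
        return body[2], body[3]         # v4: version, type, pubkey, hash
    raise ValueError("unsupported signature layout")

def is_dss(data):
    """True only for a DSA signature made over a SHA-1 digest."""
    return signature_algos(data) == (DSA, SHA1)

def sample_v3(hash_algo):
    """Constructed v3 DSA signature packet: dummy time and key ID, no MPIs."""
    body = bytes([3, 5, 0]) + bytes(4) + bytes(8) + bytes([DSA, hash_algo]) + bytes(2)
    return bytes([0x88, len(body)]) + body
```

`is_dss(sample_v3(SHA1))` is true and `is_dss(sample_v3(RIPEMD160))` is false, which is the distinction the message draws for people who change the digest setting on DSA keys.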