L. Sassaman
Fri, 14 Apr 2000 02:17:20 -0700 (PDT)

Hash: SHA1

On Fri, 14 Apr 2000, Werner Koch wrote:

> On Thu, 13 Apr 2000, L. Sassaman wrote:
> > about 5.x violations. Show me 6.0 non-compliance issues, other than the
> > photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP
> > Inc.'s product. ;) )
> There used to be a signature subpacket with some X.509 data, the
> subpacket number was not in the private/experimenatl range and not
> specified by OpenPGP.
> > Note, also, that GnuPG does not use DSS by default. The jury is still out
> > on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It
> Hmmm? just did a simple test without any special options (gpg -s hallo):
[snip example]
> digest algo 2 is SHA-1, so it looks very much like DSS; I have to
> confess that the GnuPG does not use the recommended prosecure for key
> generation.
Okay, I stand corrected. I must confess, I didn't test it... I just assumed from the man page that RIPEMD160 was the default: --s2k-digest-algo name Use name as the digest algorithm used to mangle the passphrases. The default algorithm is RIPE- MD-160. This digest algorithm is also used for conventional encryption if --digest-algo is not given. ... but then of course when I went back and checked it again, I realized I had thought I was looking at "--digest-algo". Oops. But the point is still valid to those who wish to tweak their settings for no reason: using RIPEMD160 instead of SHA-1 with DSA keys makes them not DSS. It is my recommendation that people use SHA-1 with DSA keys unless at some point they are given good reason not to trust SHA-1. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger:// | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE49uInPYrxsgmsCmoRAvWdAKDfBESlEhsmmgRozlpE/E6G1JUl6ACghNPo 0zBFAPBxhK2LNtX2XIyAzCs= =qeSv -----END PGP SIGNATURE-----