More comments on GnuPG from a new user!

Simpson, Sam s.simpson@mia.co.uk
Tue, 11 Jan 2000 12:20:38 +0000



>From the FAQ distributed with 1.0.1:
" Q: What is the recommended key size? A: 1024 bit for DSA signatures; even for plain ElGamal signatures this is sufficient as the size of the hash is probably the weakest link if the keysize is larger than 1024 bits. Encryption keys may have greater sizes, but you should than check the fingerprint of this key: "gpg --fingerprint --fingerprint <user ID>". "
>From Lenstra/Verheul: 160-bit hash roughly equiv to 1513-bit ElGamal / RSA
key. Also don't forget that breaking the hash allows one message to be forged whereas a break of ElGamal allows any number of messages to be forged / read so there can be a fair argument for making the asymmetric cipher significantly stronger than the hash function. I've started looking at the documentation that comes with GnuPG (\gnupg-1.0.1\doc), the "--list-keys --with-colons" option is cool - this could option could do with being listed on gpg --help though? How many other functions have command line options that aren't documented in --help is there a list somewhere (apart from the source code ;). Regards, Sam Simpson Communications Analyst -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption & Delphi Crypto Components. PGP Keys available at the same site.