Bunch of stupid(?) Newbie Questions :)
Johan Wevers
johanw@vulcan.xs4all.nl
Wed Dec 4 21:56:02 2002
David Pic=F3n =C1lvarez wrote:
> Whereas starting out from RSA 4096 seems like a good way to keep your
> signing key alife for a longer period. There are already GnuPG versions
> that support sha-2 after all.
Yes, however this is more difficult with the 1.2 versions now since they
don't support loading SHA2 as library. Before 1.2.0, using a sha2.dll or=20
sha2.o file would do the job, although a SHA2 clearsignature required som=
e
minor code changes.
> Also, from what people are saying, I induce that PGP doesn't come with
> source,
Well, pgp 6.5.8 was the latest version that came with full source. The we=
ll
known CKT versions are a development branch from the 6.5.8 source.
> which is somewhat delicate on a cryptographic product.
I'd rather say unacceptable.
--=20
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html