Bunch of stupid(?) Newbie Questions :)

Johan Wevers johanw@vulcan.xs4all.nl
Wed Dec 4 21:56:02 2002


David Pic=F3n =C1lvarez wrote:

> Whereas starting out from RSA 4096 seems like a good way to keep your
> signing key alife for a longer period. There are already GnuPG versions
> that support sha-2 after all.

Yes, however this is more difficult with the 1.2 versions now since they
don't support loading SHA2 as library. Before 1.2.0, using a sha2.dll or=20
sha2.o file would do the job, although a SHA2 clearsignature required som=
e
minor code changes.

> Also, from what people are saying, I induce that PGP doesn't come with
> source,

Well, pgp 6.5.8 was the latest version that came with full source. The we=
ll
known CKT versions are a development branch from the 6.5.8 source.

> which is somewhat delicate on a cryptographic product.

I'd rather say unacceptable.

--=20
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html