hash algorithm

David Shaw dshaw@jabberwocky.com
Mon Jul 7 22:49:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jul 07, 2003 at 04:19:50PM -0400, CL Gilbert wrote:
> What is the hash algorithm for, or what is the hash itself for?  And why
> do I have several choices?  Is one better or preferred for a particular
> situation or reason?

The hash algorithm is used in several places, but generally the use
that matters most to people is when making a signature.  The data
being signed is hashed, and the resultant hash is what is signed.

What is the "best" algorithm is a matter of slight controversy.

GnuPG supports MD5, SHA-1, RIPEMD/160, TIGER192, SHA256, SHA384, and
SHA512.  However, there are reasons to use or not use certain
algorithms:

MD5 is needed to make PGP 2.x compatible signatures.  Aside from that,
don't use it.  It's not broken, but is starting to show some weakness.

SHA-1 has the nice advantage that it is guaranteed to be available in
all OpenPGP applications.

Don't use TIGER/192.  It is not going to be part of the next OpenPGP
revision, and using it now will just make that transition harder.
This is only available if you enable it at build time.

SHA256/SHA384/SHA512: These are the "wide SHAs".  They are read-only
in the current version of GnuPG (that is, you can read a message from
someone else using these hashes, but cannot generate such a message
yourself).  384 and 512 are only available if you enabled them at
build time.

DSA keys can only sign using SHA-1 or RIPEMD/160.  RSA keys can use
any algorithm.

The short answer is, unless you have a good reason and know what you
are doing, use the default which is SHA-1.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE/Cdz54mZch0nhy8kRAgdxAKCYlZ7LDybT+4GApUhDHXBOzw/D4ACgkONW
SW/zfq5acI5XUXzC+AzrS50=
=0UDj
-----END PGP SIGNATURE-----
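
The following is an added example, not part of the original message or of GnuPG's code: a small reader for the header of a binary OpenPGP signature packet that reports which public-key and hash algorithm a signature used and checks the pair against the rules stated in the message above. The function names are hypothetical, the algorithm IDs are the ones assigned in the OpenPGP specification, and the sample packets are constructed and truncated (zeroed timestamp and key ID, no signature MPIs).

```python
# OpenPGP algorithm IDs (RFC 2440 / RFC 4880) for the names used in the message.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 6: "TIGER192",
              8: "SHA256", 9: "SHA384", 10: "SHA512"}
PUBKEY_ALGOS = {1: "RSA", 3: "RSA", 17: "DSA"}

def parse_signature_packet(data):
    """Return (version, pubkey_algo, hash_algo) for one binary signature packet."""
    tag = data[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if tag & 0x40:                        # new-format header, one-octet length only
        tag_id, length, start = tag & 0x3F, data[1], 2
        if length >= 192:
            raise ValueError("multi-octet lengths are not handled here")
    else:                                 # old-format header
        tag_id, length_type = (tag >> 2) & 0x0F, tag & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length is not handled here")
        start = 1 + (1 << length_type)
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if tag_id != 2:
        raise ValueError("not a signature packet")
    if body[0] == 3 and body[1] == 5:     # v3: ver, 5, type, time(4), keyid(8), pk, hash
        pk, h = body[15], body[16]
    elif body[0] == 4:                    # v4: ver, type, pk, hash, subpackets...
        pk, h = body[2], body[3]
    else:
        raise ValueError("unsupported signature version")
    return body[0], PUBKEY_ALGOS.get(pk, "unknown"), HASH_ALGOS.get(h, "unknown")

def check_hash_choice(pubkey, hash_name):
    """Findings based on the rules stated in the message above."""
    findings = []
    if pubkey == "DSA" and hash_name not in ("SHA1", "RIPEMD160"):
        findings.append("DSA signature with a hash other than SHA-1 or RIPEMD/160")
    if hash_name == "MD5":
        findings.append("MD5 is only needed for PGP 2.x compatibility")
    if hash_name == "TIGER192":
        findings.append("TIGER/192 will not be in the next OpenPGP revision")
    return findings

def sample_v3(pk, h):  # constructed, truncated v3 packet: zeroed time/key ID, no MPIs
    body = bytes([3, 5, 1]) + bytes(12) + bytes([pk, h]) + bytes(2)
    return bytes([0x88, len(body)]) + body

if __name__ == "__main__":
    for pk, h in [(17, 2), (1, 1), (17, 8)]:
        _, pubkey, name = parse_signature_packet(sample_v3(pk, h))
        print(pubkey, name, check_hash_choice(pubkey, name))
```

To inspect a real signature, base64-decode the armored body (without the trailing `=` checksum line) and pass the bytes to `parse_signature_packet`.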