Signing or Encrypting to the Full Extent... Is It All About Key Size or What???

Atom 'Smasher' atom at suspicious.org
Tue Aug 3 07:53:25 CEST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 2 Aug 2004, InHisGrip wrote:

> Sorry but I am just curious. If you would notice, I have signed this 
> message and it has PGP Signed - Hash:SHA1 only. How do I make this to 
> SHA256 or even greater as with Mr. Atom Smasher's all signed email 
> replies?
=========================

heh... whatever you do, don't do what i do  ;)
i have a habit of pushing the limits of pgp.

signatures of SHA-256 hashes can not be generated in 1.2.x branch of 
GnuPG... the development branch is not recommended for general 
consumption.

i noticed that you signed your message with a 4096-RSA key 0xD60DAC97. 
when 1.3.x development becomes 1.4.x stable, then you'll be able to sign 
messages with SHA-256 (keep reading for reasons *not* to do that)... most 
people, however, use DSS primary keys and will be unable to use that with 
any hash larger than SHA-1 (not that there'd be any point in doing that, 
since the key is limited to 1024).

of course, i would recommend adding 1024-2048 subkeys (to your 4096 key) 
for signing and encryption. that should be sufficient for the near term 
future, and you can always revoke a subkey that's too small or 
compromised, and replace it with a bigger subkey. and if that happens, you 
can still keep the same primary key and all signatures you collect on 
it... i suspect that in the not-too-distant future DSS will be abandoned, 
and with it a lot of signed keys.


> When I first generated a key, I chose the default DSA & ElGamal 1792 
> key. If I have generated RSA Sign and Encrypt with key as much as 4096, 
> would you think I would have SHA256 or unless otherwise? In other words, 
> more secure and harder for others to break? Or at least, will take a 
> little bit of time to?
====================

i was asking some SHA-256 questions on the development list, not long ago, 
and one fact that was pointed out to me is that SHA-256 isn't 
~necessarily~ stronger than SHA-1... it's not the same thing, only bigger; 
it's a different algorithm that hasn't been around as long, hasn't been 
studied as much, etc. history might prove that it's actually weaker than 
SHA-1... and support for SHA-256 isn't nearly as widespread as support for 
SHA-1, so if you send a message to someone using PGP-x, they may or may 
not be able to verify your signature.

OTOH, if one assumes that SHA-256 really is stronger than SHA-1, then it 
would be arguably more secure to sign messages with it... remember, you're 
not signing _the_message_, you're signing a _hash_ of the message... so, 
if someone wants to forge a signature they can do it by attacking the hash 
function... a larger hash (assumed to be more secure) would thus be harder 
to attack.


 	...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"When one tries to rise above Nature one is
 	 liable to fall below it."
 		-- Sherlock Holmes (Arthur Conan Doyle)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBDyhhAAoJEAx/d+cTpVci0X8IALLLmWzJgRTu4Wby6NORI5cz
uTDnTx78aKLTGHVZeQoud8VtPzV7C0zjJxUqXGCM1FZPsiwp5OfCr2ZN8De7vIMa
Tp/U/r7Z3ejJ3PuykBmILxOmKBTqni44KjmY04rVagFDfcUqzr1QQaZdrdRC3OwL
MhACe95XMdPo+RPWa9ebJUGkM+GDJII/6RXtaInGt7JozXvxX5omks8K37ey1pUD
1RtmuATGCQ9AUCEBLmyfe9ysZtk9V0TBcz1U/MT2pQoKbQQWUd35QNr3ExdIMBvc
1ZzirLOmLOdJdAqWy/WlsirxGyA6h0Lk2rWdBommp5/cDWKnzpZpT7X3J2h43l8=
=Ioxg
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list