subkey types and preferences...
atom at suspicious.org
Tue Jul 6 18:54:51 CEST 2004
On Wed, 30 Jun 2004, Douglas F. Calvert wrote:
> Is there any consensus about which signing subkey type is better, RSA
> or DSA? And or for that matter El Gamal vs. RSA for encryption? What are
> the merits/drawbacks of the different key types?
it seems to be nearly all about personal preferences. personally, i think
1024 is a limiting factor of DSS and that it's usable lifetime is coming
too close to an end; so i use a 4096 RSA primary key, with a DSA subkey
that can be revoked and replaced when the time comes.
some people will say that different algorithms are more secure, faster,
better, etc... or that some algorithms can be broken... in reality, all of
the algorithms used by gpg are good, and on any reasonably recent computer
you won't notice any differences in speed when using reasonably sized
> The next questions are about the preferences for keys:
> Why does my image uid have different preferences than my first UID? I
> imagine that it is because the uid was added with a newer version of
> gnupg. Should I update the preferences of ID 1 to match those of UID2?
> And while we are on the subject of preferences are there any other
> preferences that I should update? I generated a test key with 1.2.4 and
> the default preferences are:
the preferences of the picture, AFAIK, aren't used by anything. there's
nothing wrong with old default prefs, and you can update them whenever you
like... just be aware that anytime you update prefs you generate a new
self-sig; if a bunch of those find their way to the keyservers, you'll
wind up with a bunch of self-sigs on your key... nothing to be concerned
about, except for aesthetic reasons since all but the most recent
self-sigs are ignored.
> I am most concerned about security and the overwhelming majority of my
> communications are with people who use gnupg. With that in mind should I
> go with the default updpref or is there a set of preferences that would
> match my tin-foil hat better?
there are a lot of people with tin-foil hats who argue both for and
against the algorithms used by gpg... no two tin-foil hats are the same.
put a copy of "applied cryptography" under your pillow... if you have a
dream about the NSA breaking a cipher, don't use it.
> Finally, I noticed that werner's key 57548DCD, has more than the normal
> two digest prefs that I have run across. Out of curiosity is there a
> good reason to have a short or long list of preferred ciphers/digests?
for now, most everything uses SHA1. if/when you update your prefs, i'd
suggest adding the larger SHA variants... eventually they should come into
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"If a baseball player slides into home plate and, right
before the umpire rules if he is safe or out, the player
says to the umpire - 'Here is $1,000.' What would we
call that? We would call that a bribe.
If a lawyer was arguing a case before a judge and said,
'Your honor before you decide on the guilt or innocence
of my client, here is $1,000.' What would we call that?
We would call that a bribe.
But if an industry lobbyist walks into the office of a
key legislator and hands her or him a check for $1,000,
we call that a campaign contribution.
We should call it a bribe."
-- Janice Fine
Dollars and Sense magazine
More information about the Gnupg-users