Which Digest Algorithm to use?
og at pre-secure.de
Fri Mar 3 16:04:52 CET 2006
I do have some old PGP-2 keys (that are pretty well
connected in the WebOfTrust). I understand that PGP2
keys use MD5 as default hash algorithm and they do
not contain any fields to store adapted preferences.
But I still can use "--digest-algorithm" to create
SHA1 or SHA256 signatures. But what are the implications
of this? I guess GPG will successfully validate these
signatures. PGP2 will certainly not. What about PGP 6,
7, 8, ...?
Which algorithm should be used instead of MD5? Right
now I would switch to SHA256 (because there were first
indications of weaknesses in SHA1 already)...
Does this makes any sense anyways because the own
selfsignatures use MD5 which is weak. I could do
new self-sigs with another algorithm, correct?
What is the actual proposed way to go?
Pointers to documents regardings this are as welcome
as any other hints... :-)
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og at pre-secure.de
A daily view on Internet Attacks
More information about the Gnupg-users