Which Digest Algorithm to use?

Olaf Gellert og at pre-secure.de
Fri Mar 3 16:04:52 CET 2006


I do have some old PGP-2 keys (that are pretty well
connected in the WebOfTrust). I understand that PGP2
keys use MD5 as default hash algorithm and they do
not contain any fields to store adapted preferences.
But I still can use "--digest-algorithm" to create
SHA1 or SHA256 signatures. But what are the implications
of this? I guess GPG will successfully validate these
signatures. PGP2 will certainly not. What about PGP 6,
7, 8, ...?

Which algorithm should be used instead of MD5? Right
now I would switch to SHA256 (because there were first
indications of weaknesses in SHA1 already)...

Does this makes any sense anyways because the own
selfsignatures use MD5 which is weak. I could do
new self-sigs with another algorithm, correct?

What is the actual proposed way to go?

Pointers to documents regardings this are as welcome
as any other hints... :-)

Regards, Olaf

Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at pre-secure.de

                        A daily view on Internet Attacks

More information about the Gnupg-users mailing list