Which Digest Algorithm to use?

David Shaw dshaw at jabberwocky.com
Fri Mar 3 16:50:44 CET 2006

On Fri, Mar 03, 2006 at 04:04:52PM +0100, Olaf Gellert wrote:
> Hi,
> I do have some old PGP-2 keys (that are pretty well
> connected in the WebOfTrust). I understand that PGP2
> keys use MD5 as default hash algorithm and they do
> not contain any fields to store adapted preferences.
> But I still can use "--digest-algorithm" to create
> SHA1 or SHA256 signatures. But what are the implications
> of this? I guess GPG will successfully validate these
> signatures. PGP2 will certainly not. What about PGP 6,
> 7, 8, ...?

There is a misunderstanding here.  PGP 2 keys don't use MD5 as a
default hash algorithm.  They act just like any other key - they use
the prefs on the *recipient* keys, filtered through
personal-digest-prefs, and if all else fails, use SHA-1.

> Which algorithm should be used instead of MD5? Right
> now I would switch to SHA256 (because there were first
> indications of weaknesses in SHA1 already)...

There are "first indications" of weaknesses in all algorithms.  If I
recall, SHA-1 even with all attacks against it, is still stronger than
MD5 was even before all the attacks against it.

> Does this makes any sense anyways because the own
> selfsignatures use MD5 which is weak. I could do
> new self-sigs with another algorithm, correct?

Yes, but then you can't use the key in PGP 2 any longer.

> What is the actual proposed way to go?

I'd just make a v4 key and move on.


More information about the Gnupg-users mailing list