Questions about generating keys (hash firewalls)

Werner Koch wk at
Fri Aug 24 21:37:26 CEST 2007

On Fri, 24 Aug 2007 20:06, oskar at said:

> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?

DSA ist the signature algorithm used with DSS, the Digital Signature
Standard.  DSS requires the use of DSA along with SHA-1 as the hash
algorithms.  Similar provisions have been setup for DSA1 i.e. the
combination of certain key sizes with certain hash algorithms.  Thus
there is no need for the hash firewall.

OpenPGP OTOH allows to use any suitable hash algorithms with DSA.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list