Questions about generating keys (hash firewalls)
David Shaw
dshaw at jabberwocky.com
Fri Aug 24 21:52:40 CEST 2007
On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?
I suspect a major reason is the main use of DSA is really DSS - and
DSS was never intended to be used with any hash other than SHA-1.
It gets a little stickier with DSA2/DSS2 where there are several
possible hashes. For example, a 1024/160 DSA key can use SHA1, but
also SHA224, SHA256, SHA384, or SHA512, by truncating them to 160
bits.
David
More information about the Gnupg-users
mailing list