Can you clarify when data compression is used?

Kevin Hilton kevhilton at gmail.com
Tue Feb 5 05:18:01 CET 2008


>As of 1.4.8 and 2.0.8, and subject to change in future versions:
>
>Cipher:      AES256, AES192, AES, CAST5, 3DES
>Hash:        SHA1, SHA256, RIPEMD160
>Compression: ZLIB, BZIP2, ZIP, None

You are absolutely correct about these settings.  Perhaps this should
be included in documentation (and changed when needed), since I would
consider these to be the default settings for cipher, hash, and
compression choice.


>All the --enable-dsa2 switch
>does (and again, it's off by default in 1.4.8 and 2.0.8), is allow you
>to generate a DSA key that is larger than 1024 bits or has a hash
>larger than 160 bits.

This seems peculiar to me.  Why is this setting turned off by default?
I'm not at war with anyone in these forums, but many have
acknowledged the shortcomings of using 160 bit hashes -- at least with
the SHA1 hash.  In the same vein, aren't key sizes larger than 1024
bits actually now recommended?

The default fallback allows the creation of a 1024 bit DSA key
utilizing the SHA-1 hash -- the preferred preference.  Again I know
nothing about cryptography but based on the links provided by users
of this forum, it would seem that the choice of a larger DSA key and
different hash would be preferable?


