Question about history of hash and cipher collections

Kevin Hilton kevhilton at gmail.com
Wed Jan 16 03:48:20 CET 2008


Just a few follow-up points

Quote:
My advice has been the same for years: unless you know precisely what
you're doing and why, stick with the defaults.  GnuPG's defaults are
excellent.  They make good sense.  They interoperate well.  Don't mess
with them unless you know precisely what you're doing and why.

However in your link: http://sixdemonbag.org/cryptofaq.html#agencies,
you recommend other things (as discussed below).

From my limited knowledge, the default GnuPG settings are to create a
1024-bit DSA signing key, a 1024-bit ElGamal encryption key, a 3DES
symmetric cipher, and SHA-1 hash.

In your link however, you recommend the creation of 1024 or 2048 RSA
signing and encryption keys (or DSA2 signing key with RSA encryption
key??), and to choose something else other than the SHA-1 hash.

It would seem from the information in your link that it would not be
best to follow the default settings in terms of signing/encryption key
creation and hash algorithm.  What hash algorithm should I be using,
if SHA-1 is not preferred? SHA512??

Who chooses the defaults in terms of DSA/ElGamal signing/encryption
keys?  Is this set by the GnuPG programmers or the OpenPGP standard?
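An added illustration of the two things the message touches on, the digest preference a user can set in gpg.conf and how to look at what a key actually advertises. This is example code written for this page, not the poster's, not from the linked FAQ, and not GnuPG's own documentation. It assumes a scratch directory for GPG_HOME, uses SHA512 only because that is the value the poster mentions (it is not an answer to the question), and relies on `personal-digest-preferences`, `cert-digest-algo` and the `showpref` edit-key command being real GnuPG options:

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Writes a gpg.conf that
# overrides the digest preference the poster asks about, checks that the
# override is present, and (when gpg is installed) shows a key's own
# advertised preference lists.
# Assumption: GPG_HOME is a scratch directory we are free to write into.

GPG_HOME="${GPG_HOME:-$(mktemp -d)}"

# Write a minimal gpg.conf. SHA512 is used only because the post names it;
# which digest is appropriate is exactly the open question in the post.
write_gpg_conf() {
    conf="$1/gpg.conf"
    cat > "$conf" <<'EOF'
# Digest(s) preferred for signatures made by this installation, best first.
personal-digest-preferences SHA512
# Digest used when certifying keys, including self-signatures.
cert-digest-algo SHA512
EOF
    printf '%s\n' "$conf"
}

# Return 0 when the conf names SHA512 as the first personal digest
# preference, 1 otherwise (i.e. when GnuPG would fall back to its
# built-in default, which the post says is SHA-1).
check_digest_pref() {
    grep -Eq '^personal-digest-preferences[[:space:]]+SHA512' "$1"
}

# Print the cipher/digest/compression preferences stored on a key.
# Only runs when gpg is installed; takes a key id or fingerprint.
show_key_prefs() {
    keyid="$1"
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed"; return 0; }
    gpg --homedir "$GPG_HOME" --batch --edit-key "$keyid" showpref
}

conf=$(write_gpg_conf "$GPG_HOME")
if check_digest_pref "$conf"; then
    echo "$conf sets SHA512 as the first personal digest preference"
else
    echo "$conf leaves the digest at GnuPG's built-in default" >&2
fi
```

The distinction the check draws matters in practice: `personal-digest-preferences` only affects what this installation picks when it signs, while the preferences shown by `showpref` are what the key itself tells correspondents, and the two can differ until the key's self-signature is updated.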


