Question about history of hash and cipher collections
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jan 16 04:23:58 CET 2008
Kevin Hilton wrote:
> In your link however, you recommend the creation of 1024 or 2048 RSA
> signing and encryption keys (or DSA2 signing key with RSA encryption
> key??), and to choose something else other than the SHA-1 hash.
And I also say "unless you know exactly what you're doing and why, use
the defaults."
It's true that I am not fond of kilobit keys, for reasons I won't go
into right now. I am far, far less fond of people who do not know what
they are doing, or why they are doing it, tinkering around with deep
magics beyond their kenning.
A Formula-1 race mechanic may be able to tweak a car engine to get a few
more percent out of it than the factory settings allow. Your average
driver should not attempt this, because they have better odds of cutting
their own brake lines by accident than by realizing any marginal
improvement.
Prudence demands that drivers be strongly encouraged to just drive the car.
> creation, and hash algorithm. What hash algorithm should I be using,
> if SHA-1 is not preferred? SHA512??
Unless you know exactly what you're doing and why, use the defaults.
That is all the advice you will get from me.
> Who chooses the defaults in terms of DSA/ElGamal signing/encryption
> keys? Is this set by the GnuPG programmers or the OpenPGP standard?
The OpenPGP standard specifies what algorithms must be present, and to
an extent what the defaults must be. The GnuPG crew is free to exceed
those standards.