Question about history of hash and cipher collections

Robert J. Hansen rjh at
Wed Jan 16 04:23:58 CET 2008

Kevin Hilton wrote:
> In your link however, you recommend the creation of 1024 or 2048 RSA
> signing and encryption keys (or DSA2 signing key with RSA encryption
> key??), and to choose something else other than the SHA-1 hash.

And I also say "unless you know exactly what you're doing and why, use 
the defaults."

It's true that I am not fond of kilobit keys, for reasons I won't go 
into right now.  I am far, far less fond of people who do not know what 
they are doing, or why they are doing it, tinkering around with deep 
magics beyond their kenning.

A Formula-1 race mechanic may be able to tweak a car engine to get a few 
more percent out of it than the factory settings allow.  Your average 
driver should not attempt this, because they have better odds of cutting 
their own brake lines by accident than by realizing any marginal 

Prudence demands that drivers be strongly encouraged to just drive the car.

> creation, and hash algorithm.  What hash algorithm should I be using,
> if SHA-1 is not preferred? SHA512??

Unless you know exactly what you're doing and why, use the defaults. 
That is all the advice you will get from me.

> Who chooses the defaults in terms of DSA/ElGamal signing/encryption
> keys?  Is this set by the GnuPG programmers or they OpenGPG standard?

The OpenPGP standard specifies what algorithms must be present, and to 
an extent what the defaults must be.  The GnuPG crew is free to exceed 
those standards.

More information about the Gnupg-users mailing list