Use other hash than SHA-1

David Shaw dshaw at
Sat May 2 22:38:51 CEST 2009

On May 2, 2009, at 3:46 PM, Allen Schultz wrote:

> Hash: SHA1
> On Sat, May 2, 2009 at 7:45 AM, David Shaw
> <dshaw at> wrote:
>> The short answer is that you can only use a 160-bit hash with
> your default
>> DSA key.  That means SHA-1 or RIPEMD/160.  There is a feature
> you can enable
>> (--enable-dsa2) that will allow you to use a bigger hash --
> but you can
>> still only use 160 bits worth of it.  So if you use SHA-256,
> you're actually
>> only taking 160 bits worth of it and discarding the rest.
> I'm stuck with that smaller key until I change the subkeys, but
> a question about the two hashes. What's the difference in SHA-1
> and RIPEMD/160?

They're different algorithms that have the same hash size (160 bits).   
The recent attacks against SHA-1 do not apply to RIPEMD/160, but note  
that RIPEMD/160 is attacked far less than SHA-1 is.


More information about the Gnupg-users mailing list