gpg rejects SHA224 with DSA-2048

Kevin Kammer mephisto at fastmail.net
Mon Nov 9 05:26:43 CET 2009


On Sun, Nov 08, 2009 at 11:11:01PM -0500
Thus spoke Robert J. Hansen:
> Kevin Kammer wrote:
> > Unless there is some inescapable constraint on the size of one's
> > signature, I am hard pressed to think of a reason for using SHA224 when
> > SHA256 is available.
> 
> Conformance with corporate IT policies.  Many corporate IT policies are
> drafted by people who don't really understand the underlying
> technologies.  They see the NIST drafts and say "ah, 224-bit hashes are
> to be used with DSA-2048," and proceed to require SHA224 to be used with
> DSA-2048.
> 

Ah yes... corporate policy. How could I forget?

Having deployed PKI while I was in the military, I can certainly
sympathise with you regarding a large organization rigorously adhering
to policy, regardless of how much or little sense it makes.

The bright side is, the same documents which say SHA224 can be used with
DSA-2048 also permit SHA256. If anyone sets policy based on, say,
FIPS186, you can always cite that part.

-Kevin 

-- 
"Chance favors the prepared mind."
                      --Louis Pasteur


