gpg rejects SHA224 with DSA-2048
David Shaw
dshaw at jabberwocky.com
Mon Nov 9 05:45:43 CET 2009
On Nov 8, 2009, at 11:11 PM, Robert J. Hansen wrote:
> Kevin Kammer wrote:
>> Unless there is some inescapable constraint on the size of one's
>> signature, I am hard pressed to think of a reason for using SHA224
>> when SHA256 is available.
>
> Conformance with corporate IT policies. Many corporate IT policies are
> drafted by people who don't really understand the underlying
> technologies. They see the NIST drafts and say "ah, 224-bit hashes are
> to be used with DSA-2048," and proceed to require SHA224 to be used with
> DSA-2048.
NIST, along with RFC-4880, says that you can use either 224-bit or
256-bit hashes with DSA-2048.
David