gpg rejects SHA224 with DSA-2048
Kevin Kammer
mephisto at fastmail.net
Mon Nov 9 14:20:01 CET 2009
On Mon, Nov 09, 2009 at 11:52:48AM +0100 Also sprach Werner Koch:
> On Mon, 9 Nov 2009 04:17, rjh at sixdemonbag.org said:
>
> > When did this changeover take place, and is there any way to get the old
> > behavior back?
>
> On 2009-07-09; that is since 1.4.10 / 2.0.13. There is no option to
> change it back. The code in g10/keygen.c reads:
>
> /*
> Figure out a q size based on the key size. FIPS 180-3 says:
>
> L = 1024, N = 160
> L = 2048, N = 224
> L = 2048, N = 256
> L = 3072, N = 256
>
> 2048/256 is an odd pair since there is also a 2048/224 and
> 3072/256. Matching sizes is not a very exact science.
>
> We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
> but less than 2048, and 160 for 1024 (DSA1).
> */
>
> if(nbits>2047)
> qbits=256;
> else if(nbits>1024)
> qbits=224;
> else
> qbits=160;
>
I imagine it would not be terribly difficult to rewrite keygen.c to
offer the option of qbits=224 for nbits==2048, offered at key generation
time (likely with the --expert flag set), but it would be a non-trivial
change for a very questionable benefit.
-Kevin
--
"Le hasard favorise l'esprit préparé."
--Louis Pasteur
More information about the Gnupg-users
mailing list