gpg rejects SHA224 with DSA-2048

Kevin Kammer mephisto at fastmail.net
Mon Nov 9 14:20:01 CET 2009


On Mon, Nov 09, 2009 at 11:52:48AM +0100 Also sprach Werner Koch:
> On Mon,  9 Nov 2009 04:17, rjh at sixdemonbag.org said:
> 
> > When did this changeover take place, and is there any way to get the old
> > behavior back?
> 
> On 2009-07-09; that is since 1.4.10 / 2.0.13.  There is no option to
> change it back.  The code in g10/keygen.c reads:
> 
>     /*
>       Figure out a q size based on the key size.  FIPS 180-3 says:
> 
>       L = 1024, N = 160
>       L = 2048, N = 224
>       L = 2048, N = 256
>       L = 3072, N = 256
> 
>       2048/256 is an odd pair since there is also a 2048/224 and
>       3072/256.  Matching sizes is not a very exact science.
>       
>       We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
>       but less than 2048, and 160 for 1024 (DSA1).
>     */
> 
>     if(nbits>2047)
>       qbits=256;
>     else if(nbits>1024)
>       qbits=224;
>     else
>       qbits=160;
>

I imagine it would not be terribly difficult to rewrite keygen.c to
offer the option of qbits=224 for nbits==2048, offered at key generation
time (likely with the --expert flag set), but it would be a non-trivial
change for a very questionable benefit.

-Kevin

-- 
"Le hasard favorise l'esprit préparé."
                      --Louis Pasteur



More information about the Gnupg-users mailing list