Key practice
David Alexander Russell
david.russell.scotland at gmail.com
Sun Nov 15 00:51:28 CET 2009
Robert J. Hansen wrote:
> DSA is not a Bad Thing. Whoever it was who told you this did you a
> disservice. If you'd like to tell us what you've heard about DSA, we
> would be happy to correct the misinformation you were given.
>
> My suggestion is to "gpg --gen-key". At each step of the way, if you
> ever don't know what to do, just hit RETURN and go on. GnuPG will
> produce a high-quality keypair for you.
>
>
Robert,
Essentially what I read was that the default 1024-bit DSA key isn't
strong enough, due to some flaw in SHA-1 which is the hash used for that
size of DSA (that's as much detail as I absorbed I'm afraid) - the main
link I have is the Debian website
http://www.debian-administration.org/users/dkg/weblog/48 . It was my
understanding that in the latest version of GnuPG, 1.4.10, the default
had been changed to 2048-bit RSA for precisely this reason.
Thanks
David R
More information about the Gnupg-users
mailing list