Key practice

David Alexander Russell david.russell.scotland at
Sun Nov 15 00:51:28 CET 2009

Robert J. Hansen wrote:
> DSA is not a Bad Thing.  Whoever it was who told you this did you a
> disservice.  If you'd like to tell us what you've heard about DSA, we
> would be happy to correct the misinformation you were given.
> My suggestion is to "gpg --gen-key".  At each step of the way, if you
> ever don't know what to do, just hit RETURN and go on.  GnuPG will
> produce a high-quality keypair for you.

Essentially what I read was that the default 1024-bit DSA key isn't
strong enough, due to some flaw in SHA-1 which is the hash used for that
size of DSA (that's as much detail as I absorbed I'm afraid) - the main
link I have is the Debian website . It was my
understanding that in the latest version of GnuPG, 1.4.10, the default
had been changed to 2048-bit RSA for precisely this reason.


David R

More information about the Gnupg-users mailing list