Key practice

David Alexander Russell david.russell.scotland at gmail.com
Sun Nov 15 00:51:28 CET 2009


Robert J. Hansen wrote:
> DSA is not a Bad Thing.  Whoever it was who told you this did you a
> disservice.  If you'd like to tell us what you've heard about DSA, we
> would be happy to correct the misinformation you were given.
>
> My suggestion is to "gpg --gen-key".  At each step of the way, if you
> ever don't know what to do, just hit RETURN and go on.  GnuPG will
> produce a high-quality keypair for you.
>
>   
Robert,

Essentially what I read was that the default 1024-bit DSA key isn't
strong enough, due to some flaw in SHA-1, which is the hash used for that
size of DSA (that's as much detail as I absorbed, I'm afraid) - the main
link I have is the Debian website
http://www.debian-administration.org/users/dkg/weblog/48 . It was my
understanding that in the latest version of GnuPG, 1.4.10, the default
had been changed to 2048-bit RSA for precisely this reason.

Thanks

David R


