multiple subkeys and key transition

David Shaw dshaw at
Fri Dec 10 01:16:03 CET 2010

On Dec 9, 2010, at 6:49 PM, Ben McGinnes wrote:

>> Or one can use enable-dsa2 in GnuPG and use any of the SHA2 hashes,
>> they'll just be truncated down to 160 bits similarly to the
>> SHA-224/SHA-256 arrangement described below.
> Just to clarify, does this mean that SHA-256 or 512 (or whatever)
> truncated to 160-bits prevent the potential collision attacks that
> might be able to be launched against SHA-1?

Yes, but at the risk of pedantry:

The attacks against SHA-1 haven't been extended to the SHA-2 family yet.  By truncating a SHA-2 to 160 bits, you're creating a non-broken (for now) 160-bit hash.  Think of it as a non-broken SHA-1: it's theoretically as strong as SHA-1 once was thought to be, but not stronger.

(i.e. it's a great SHA-1 alternative, but it's not as strong as a full-sized SHA-2).


More information about the Gnupg-users mailing list