Should I set cert-digest-algo?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Mar 16 15:38:58 CET 2010
On 03/16/2010 10:02 AM, Grant Olson wrote:
> A while ago I stumbled onto instructions to up my prefs to use a better
> hash than SHA1:
>
> http://www.debian-administration.org/users/dkg/weblog/48
Hi Grant, i'm the author of that post.
> Today I was surfing around, and saw some relatively recent posts on the
> list that said setting "digest-algo" in gpg.conf was a Bad Idea(tm). I
> didn't find any threads on setting "cert-digest-algo", but the manpage
> notes that this can cause interoperability issues.
>
> So is setting "cert-digest-algo SHA256" okay, or is it going to cause
I've used cert-digest-algo SHA512 (even more likely to cause interop
problems than SHA256) ever since i wrote that post, and i have gotten no
complaints at all about my certifications being unusable.
this may have something to do with who i interact with, though (mostly
other free software folks); you might have a different experience if
you have contacts who are locked into ancient software for one reason or
another.
I think that SHA256 should be pretty unobjectionable these days.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100316/ff413385/attachment.pgp>
More information about the Gnupg-users
mailing list