Generating a new key

Paul Richard Ramer free10pro at gmail.com
Sun Mar 21 22:59:46 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 21 Mar 2010 00:40:08 -0300 Faramir wrote:
>   Another thing to consider, is SHA is not as safe as it used to be, and
> it it becomes easily crackeable, signatures issued using SHA can become
> unsafe. So maybe you'd like to use SHA-256 instead of SHA-128. If I'm

I believe that you meant SHA-1 and not SHA-128, because there isn't a
hash called SHA-128.  Also SHA-1 is a 160 bit hash.

> The first line tells gnupg to use SHA-256 instead of SHA-1 to mangle the
> passphrases. I don't really know what is that mangling thing, but if the
> idea is to replace SHA-1 with SHA-256, it can be useful. (I have a bad
> feeling about telling other people to use that line).

In addition to what David said, the passphrase mangling uses iterations
of the hash algorithm to slow down a brute force attack on the
passphrase.  So for a fictional example, GnuPG will hash the word "dog"
and produce "0123456789".  Then it will iterate by taking the output of
the hash algorithm and use it as input to another instance of hashing.
So in this example it would take the output of "0123456789" and hash it
to produce "9876543210".

The default iteration count is 65536 and can be set by --s2k-count
option.  However, if you want to change the default, I would suggest
that you read this first
<http://lists.gnupg.org/pipermail/gnupg-users/2009-November/037760.html>.


- -Paul

- --
"Plagiarism is the greatest form of flattery." --self

+---------------------------------------------------------------------+
| PGP Key ID: 0x3DB6D884                                              |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+---------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQGcBAEBCAAGBQJLppatAAoJEJhBiuhgbQLIGSIMAJZXHvZxkq4SbscU/gykyaYC
o/Eb5G/+VC+DRZuskUHCJ5nZykfKu3Wy93G4pj6zTEaLyJQChH22NGzp3PF185RN
XF/x04StFdjJ9AB/2QgB4gOk2JVCGkUAd75C0wP2wywyfKE57+tdNA7W5Og3duIm
7pq0ixINjlO/06cVuzy8VzE45TcUKYtweT4eboA/WkRZrd2IgwBETvgYIpyjM96n
TrJ7vQKBQBGtGmbNTGa1jNMuGYUGUqj8P+CCt3OvGjNUIl2wfwoXm13evQdd6gTY
8maXd3Zcshr7ethhpAo575J9hn568tBXj2bc0avEd1PZ3hWn1GyNQki/XZP7QV8Q
4g2n6ISJ1mEhSQuVeyBZ3gLp7ispARRxgOI+j02pTyLn69xPe33Afr44P/hNxXRB
HrV56GdT3TvoS0IJgy5IH2drsMO+q4oN65EKhYxllpJ+gNtuFdGpV2xqfYh0VVfj
hLWGtmY5bUkO53XFiB7ECXjqeq2RLkyctIRbHfqAgg==
=b8BH
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list