Generating a new key

Faramir at
Tue Mar 23 23:50:38 CET 2010

Paul Richard Ramer wrote:
> On Sun, 21 Mar 2010 00:40:08 -0300 Faramir wrote:
>>   Another thing to consider, is SHA is not as safe as it used to be, and
>> if it becomes easily crackable, signatures issued using SHA can become
>> unsafe. So maybe you'd like to use SHA-256 instead of SHA-128. If I'm
> I believe that you meant SHA-1 and not SHA-128, because there isn't a
> hash called SHA-128.  Also SHA-1 is a 160 bit hash.

  Right, I was referring to SHA-1, and I confused the bit length of
SHA-1 with key length of AES.

  I saw another message, from Robert J. Hansen, saying indeed there is a
"SHA-128" unofficial denomination. Maybe I saw "SHA-128" while browsing
documents about SHA, and that contributed to my confusion. But anyway, I
was referring to the "normal" SHA algorithm.

>> idea is to replace SHA-1 with SHA-256, it can be useful. (I have a bad
>> feeling about telling other people to use that line).
> In addition to what David said, the passphrase mangling uses iterations
> of the hash algorithm to slow down a brute force attack on the
> passphrase.  So for a fictional example, GnuPG will hash the word "dog"
> and produce "0123456789".  Then it will iterate by taking the output of
> the hash algorithm and use it as input to another instance of hashing.
> So in this example it would take the output of "0123456789" and hash it
> to produce "9876543210".

  Good, now I know what "password mangling" is about.

  Best Regards
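
An added example, not part of the original message and not GnuPG's own code: the iterated and salted string-to-key function as specified in RFC 4880 section 3.7.1.3, which is the passphrase mangling discussed in this thread. In the specification the salt and passphrase are fed repeatedly into one hash context until a byte count is reached; the function names and sample values below are constructed for this sketch.

```python
import hashlib


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880, 3.7.1.3) into a byte count."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets of key material from a passphrase."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # The count is a number of octets to hash, not a number of hash calls.
    # salt+passphrase is always hashed at least once in full.
    count = max(decode_count(coded), len(data))
    full, rest = divmod(count, len(data))
    key = b""
    preload = 0
    while len(key) < key_len:
        # Keys longer than one digest use extra hash contexts, each
        # preloaded with one more zero octet than the previous one.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")  # constructed sample salt
    for coded in (0, 96, 255):
        key = s2k_iterated_salted(b"dog", salt, coded, 16)
        print(coded, decode_count(coded), key.hex())
```

Every passphrase guess costs the attacker the same amount of hashing, so raising the coded count raises the cost of a brute-force search proportionally.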


More information about the Gnupg-users mailing list