Generating a new key
faramir.cl at gmail.com
Tue Mar 23 23:50:38 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Paul Richard Ramer escribió:
> On Sun, 21 Mar 2010 00:40:08 -0300 Faramir wrote:
>> Another thing to consider, is SHA is not as safe as it used to be, and
>> it it becomes easily crackeable, signatures issued using SHA can become
>> unsafe. So maybe you'd like to use SHA-256 instead of SHA-128. If I'm
> I believe that you meant SHA-1 and not SHA-128, because there isn't a
> hash called SHA-128. Also SHA-1 is a 160 bit hash.
Right, I was referring to SHA-1, and I confused the bit length of
SHA-1 with key length of AES.
I saw another message, from Robert J. Hansen, saying indeed there is a
"SHA-128" unofficial denomination. Maybe I saw "SHA-128" while browsing
documents about SHA, and that contributed to my confusion. But anyway, I
was referring to the "normal" SHA algorithm.
>> idea is to replace SHA-1 with SHA-256, it can be useful. (I have a bad
>> feeling about telling other people to use that line).
> In addition to what David said, the passphrase mangling uses iterations
> of the hash algorithm to slow down a brute force attack on the
> passphrase. So for a fictional example, GnuPG will hash the word "dog"
> and produce "0123456789". Then it will iterate by taking the output of
> the hash algorithm and use it as input to another instance of hashing.
> So in this example it would take the output of "0123456789" and hash it
> to produce "9876543210".
Good, now I know what is "password mangling" about.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users