Default hash
Ben McGinnes
ben at adversary.org
Thu Feb 24 10:37:50 CET 2011
On 24/02/11 8:03 PM, Doug Barton wrote:
> On 02/23/2011 22:26, Aaron Toponce wrote:
>>
>> Given the release of v1.4.10, the SHA256 hashing algorithm is
>> preferred over SHA1. Yet, after updating my default preferences
>> with 'setpref' and signing some text, SHA1 is still used as the
>> default hashing algorithm. Is there something else I need to do to
>> ensure that I'm using SHA256 by default for the hash?
>
> You're using a 1024 bit DSA key, which won't allow for 256 bit
> hashes. RIPEMD-160 is the largest you can use, and works well for
> that kind of key.
Well, he can use SHA256 or SHA512, but like mine it will be truncated
to 160 bits, as was explained to me on this list a couple of months ago.
As I recall, I edited the key with setpref to this:
Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Then added this to gpg.conf:
enable-dsa2
default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
H11 H3 H2 H1 Z3 Z2 Z1 Z0
personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
personal-compress-preferences Z3 Z2 Z1 Z0
IDEA is only included because of one or two freaks I know who still
use it. Oh and some ancient stuff I encrypted around fifteen years
ago, but have yet to convert.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110224/b4c8584c/attachment.pgp>
More information about the Gnupg-users
mailing list