Default hash

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 24 16:32:11 CET 2011


On 02/24/2011 04:03 AM, Doug Barton wrote:
> On 02/23/2011 22:26, Aaron Toponce wrote:
>> Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
>> over SHA1. Yet, after updating my default preferences with 'setpref' and
>> signing some text, SHA1 is still used as the default hashing algorithm.
>> Is there something else I need to do to ensure that I'm using SHA256 by
>> default for the hash?
> 
> You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> RIPEMD-160 is the largest you can use, and works well for that kind of key.

This isn't actually the case.  Aaron's primary key (0x8086060F) is
indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
(0xFC04088F), which is perfectly capable of using the stronger digests.

	--dkg
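
The point made in the reply above, that what matters is the key and digest that actually produced the signature, can be checked by reading the signature packet itself. The following is an added example, not part of the original message or of GnuPG: a minimal parser for a binary version 4 OpenPGP signature packet (RFC 4880), run on a constructed sample with a made-up issuer key ID; all function names are this example's own.

```python
from itertools import chain

PUBKEY = {1: "RSA", 16: "Elgamal", 17: "DSA"}            # RFC 4880, section 9.1
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",  # RFC 4880, section 9.4
        9: "SHA384", 10: "SHA512", 11: "SHA224"}

def _varlen(buf, i):  # 1-, 2- or 5-octet length at buf[i] -> (length, next index)
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def _packet(data):  # (tag, body) of the first OpenPGP packet in binary data
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not a binary OpenPGP packet (still ASCII-armored?)")
    if ctb & 0x40:                          # new-format header
        if 224 <= data[1] < 255:
            raise ValueError("partial body lengths not handled")
        n, off = _varlen(data, 1)
        return ctb & 0x3F, data[off:off + n]
    if (ctb & 3) == 3:
        raise ValueError("indeterminate length not handled")
    size = 1 << (ctb & 3)                   # old format: 1, 2 or 4 length octets
    n = int.from_bytes(data[1:1 + size], "big")
    return (ctb >> 2) & 0x0F, data[1 + size:1 + size + n]

def _subpackets(area, i=0):
    while i < len(area):
        n, i = _varlen(area, i)             # n counts the type octet plus data
        yield area[i] & 0x7F, area[i + 1:i + n]   # mask off the critical bit
        i += n

def describe_signature(data):
    """Report the algorithms and issuer key ID of a version 4 signature packet."""
    tag, body = _packet(data)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    hashed, unhashed = body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]
    subs = chain(_subpackets(hashed), _subpackets(unhashed))
    issuer = next((d.hex().upper() for t, d in subs if t == 16), None)
    return {"pubkey": PUBKEY.get(body[2], body[2]),
            "hash": HASH.get(body[3], body[3]), "issuer": issuer}

# Constructed sample, not the signature from this thread: RSA, SHA1, made-up key ID
SAMPLE = bytes.fromhex("881d04010102000605024d667a3b000a09100123456789abcdefabcd0008ff")
```

An ASCII-armored signature has to be converted to binary first (for example with `gpg --dearmor`). The parser only reads the packet fields and does not verify the signature, and the issuer subpacket usually sits in the unhashed area, so treat the key ID as a hint about which (sub)key to look up.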
