what are the sub keys

Jerome Baum jerome at jeromebaum.com
Tue Mar 22 20:08:56 CET 2011

"Robert J. Hansen" <rjh at sixdemonbag.org> writes:

> On Tue, 22 Mar 2011 18:11:37 +0000, Jerome Baum <jerome at jeromebaum.com>
> wrote:
>> Okay so  let's try again. Correct  me if I'm  wrong on this one,  but it
>> does  make  your key  weaker  _compared  with  using an  algorithm  that
>> supports 512 bits of hash, all else being equal_, right?
> If such an algorithm existed in GnuPG, then yes.  You'd need about RSA-16K
> to get your money's worth out of SHA512, though.

Ah, see that's what I was hoping  for. So, there is indeed no reason not
to use  DSA-1024 with  SHA-512. Just as  there is  no reason not  to use
RSA-4096 with SHA-512.  But the  OP was talking about RSA-2048 (with any
hash), and there  is a reason not  to use that. I was  assuming that the
mention  of  DSA-1024   with  SHA-512  was  meant  as   an  analogue  to
RSA-2048. Apparently it wasn't.

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: </pipermail/attachments/20110322/cb36a8e2/attachment.pgp>

More information about the Gnupg-users mailing list