Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 18 00:28:47 CET 2015

On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote:
> Do you mean signatures in general, or key signatures (certifications)?
> For key signatures, SHA-1 is still the default for RSA keys

Is this correct? I think we should be defaulting to SHA-256 for RSA
certifications these days.

If we want to cater to users who really want their certifications to
have compatibility with buggy 10-year-old clients that don't have
SHA-256, we should make it easy for them to make a SHA-1 certification
with a 1-second-earlier timestamp.

> but signatures on (EC)DSA keys will use up to SHA-512 depending on the
> key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512

I think you mean signatures *by* (EC)DSA keys, not *on* (EC)DSA keys,
More information about the Gnupg-users
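
To see which digest the certifications discussed in this message actually carry, the hash algorithm octet can be read straight from each signature packet. The following is an added example, not part of the original message and not GnuPG code: it assumes binary (non-armored) input and version 4 signature packets laid out as in RFC 4880, and the names `packets`, `audit_certifications`, `WEAK` and `SAMPLE` are hypothetical.

```python
# Added example, not GnuPG code: digest algorithm of each v4 certification.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}  # RFC 4880 ids
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumption: this audit's own policy

def packets(data):
    """Yield (tag, body) pairs; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new format: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def audit_certifications(data):
    """Return (sig_type, digest_name, is_weak) for each v4 certification."""
    found = []
    for tag, body in packets(data):
        # v4 signature body: version, sig type, pubkey algo, hash algo, ...
        if tag == 2 and len(body) >= 4 and body[0] == 4:
            sig_type, algo = body[1], body[3]
            if 0x10 <= sig_type <= 0x13:  # certification of a User ID
                name = HASH_NAMES.get(algo, f"unknown({algo})")
                found.append((sig_type, name, name in WEAK))
    return found

# Constructed sample: a User ID packet, then three signature packets cut
# down to their fixed v4 header fields (no subpackets, no signature MPIs).
SAMPLE = bytes.fromhex("cd03616263" "88080413010200000000"
                       "c2080410010800000000" "88080400010200000000")
```

Calling `audit_certifications(SAMPLE)` reports one SHA-1 and one SHA-256 certification and skips the third signature, which is a document signature (type 0x00) rather than a certification.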