SHA1 being used despite public key preferences
Robert J. Hansen
rjh at sixdemonbag.org
Wed Oct 20 19:29:45 CEST 2010
On 10/20/2010 1:02 PM, Daniel Kahn Gillmor wrote:
> I personally think that the --personal-digest-preferences should default
> to the strongest supported algorithm:
Why?
SHA224+ is required for DSA-2k; SHA256+ is required for DSA-3k. If
SHA256 is the official NIST recommendation for DSA-3k, why should we
default to SHA512?
Ultimately this amounts to bikeshedding -- SHA256 will do the job
perfectly well, as will SHA512. My question, though, is sincere:
although I have a natural aversion to going past NIST recommendations
just to be able to say we're using stronger crypto fairy dust, I think
it's quite possible there are other factors you're considering that I'm
unaware of.
(On the larger point, that of replacing SHA-1 with a stronger hash
wherever possible, I am in full agreement.)
More information about the Gnupg-devel
mailing list