Are DSA2 signing keys backwards compatible?

Robert J. Hansen rjh at sixdemonbag.org
Mon Feb 11 16:18:35 CET 2008


Kevin Hilton wrote:
> Sorry I was writing my last reply when I received yours.  Thank your
> for clarification. I understand the difference.  However given the
> fact that I could produce for example SHA256 hashes, wouldn't I prefer
> the same hash length in return for security reasons?

Not necessarily.  Imagine you're in an environment where your cipher
selection is constrained by law.  You may be able to produce SHA256,
SHA384, SHA512, MD5, TIGER192 and WHIRLPOOL (just to come up with an
absurdly comprehensive list of hashes), but you may be constrained by
either law or corporate policy to only use SHA-1 for your signatures.
Other people outside this environment who are communicating with you
would not be constrained by those regulations, and could use whatever is
necessary in their environment.

E.g., you may be required to use SHA-1, someone else may be required to
use RIPEMD160, despite the fact both of you are capable of using much
longer (and better) hashes.




More information about the Gnupg-users mailing list