Use other hash than SHA-1
David Shaw
dshaw at jabberwocky.com
Sat May 2 22:38:51 CEST 2009
On May 2, 2009, at 3:46 PM, Allen Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, May 2, 2009 at 7:45 AM, David Shaw
> <dshaw at jabberwocky.com> wrote:
>> The short answer is that you can only use a 160-bit hash with your default
>> DSA key. That means SHA-1 or RIPEMD/160. There is a feature you can enable
>> (--enable-dsa2) that will allow you to use a bigger hash -- but you can
>> still only use 160 bits worth of it. So if you use SHA-256, you're actually
>> only taking 160 bits worth of it and discarding the rest.
>
> I'm stuck with that smaller key until I change the subkeys, but
> a question about the two hashes. What's the difference in SHA-1
> and RIPEMD/160?
They're different algorithms that have the same hash size (160 bits).
The recent attacks against SHA-1 do not apply to RIPEMD/160, but note
that RIPEMD/160 is attacked far less than SHA-1 is.
David
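
The truncation described in the quoted reply, as an added example that is not part of the original message or of GnuPG's code. It assumes the FIPS 186 rule that DSA signs the leftmost min(N, outlen) bits of the digest, where N is the bit length of q; the function names are hypothetical.

```python
import hashlib


def dsa_hash_input(message, hash_name, q_bits):
    """Return (z, used_bits): the integer DSA actually signs and the
    number of digest bits it carries, for a subgroup order q of q_bits.

    Assumption (FIPS 186): z is the leftmost min(q_bits, outlen) bits
    of Hash(message). A digest shorter than q is used whole.
    """
    digest = hashlib.new(hash_name, message).digest()
    out_bits = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if out_bits > q_bits:
        # Drop the rightmost bits; also correct when q_bits is not a
        # multiple of 8.
        z >>= out_bits - q_bits
        return z, q_bits
    return z, out_bits


def report(message, q_bits):
    """For each hash: (name, digest bits, bits signed, generic collision bound).

    The bound is the birthday limit used_bits / 2. It ignores
    algorithm-specific attacks such as the ones against SHA-1.
    """
    rows = []
    for name in ("sha1", "sha256", "sha512"):
        _, used = dsa_hash_input(message, name, q_bits)
        rows.append((name, hashlib.new(name).digest_size * 8, used, used // 2))
    return rows


if __name__ == "__main__":
    sample = b"constructed sample message"  # constructed input
    for q_bits in (160, 256):  # 160-bit q is the default DSA key in the thread
        print("q =", q_bits, "bits")
        for name, out_bits, used, bound in report(sample, q_bits):
            print(f"  {name:7} digest={out_bits:3} signed={used:3} "
                  f"collision bound=2^{bound}")
```

With a 160-bit q every row reports 160 signed bits, so a larger hash changes the algorithm but not the number of bits protected by the signature.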