Kevin Hilton wrote:
> Sorry I was writing my last reply when I received yours. Thank you
> for clarification. I understand the difference. However given the
> fact that I could produce for example SHA256 hashes, wouldn't I prefer
> the same hash length in return for security reasons?

Not necessarily. Imagine you're in an environment where your cipher selection is constrained by law. You may be able to produce SHA256, SHA384, SHA512, MD5, TIGER192 and WHIRLPOOL (just to come up with an absurdly comprehensive list of hashes), but you may be constrained by either law or corporate policy to only use SHA-1 for your signatures. Other people outside this environment who are communicating with you would not be constrained by those regulations, and could use whatever is necessary in their environment. E.g., you may be required to use SHA-1, someone else may be required to use RIPEMD160, despite the fact both of you are capable of using much longer (and better) hashes.
