>You could use SHA-512 with
>it if you liked, but the hash would be truncated to 256 bits.
Interesting. Are the higher or lower bits truncated?
>We follow the advice in FIPS 180-3:
>
> L = 1024, N = 160
> L = 2048, N = 224
> L = 3072, N = 256
Ok. So back to the ever asking defaults question: why, when I
produce a 3072 bit DSA signing key, isn't my first digest hash
preference or choice SHA-256? Here is what I am getting:
pub 3072D/0053175A created: 2007-11-14 expires: never usage: SC
trust: unknown validity: unknown
sub 4096g/51BFA0E0 created: 2007-11-14 expires: never usage: E
[ unknown] (1). -----------------------------------------------------
Command> showpref
[ unknown] (1). -----------------------------------------------------
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
It would seem in fact that my digest preferences should only be SHA256
or SHA512 based on the information provided! SHA1 or RIPEMD160
shouldn't even be listed here, correct?
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
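
An added example, not part of the original message or of GnuPG's code: the DSA signing rule in FIPS 186-3 takes the leftmost min(N, outlen) bits of the hash, so an oversized digest such as SHA-512 loses its low-order bits. The sketch below applies that rule to the L/N pairs quoted above and compares the digest sizes from the showpref output with q; the function names and the sample message are constructed for illustration.

```python
import hashlib

# (L, N) pairs quoted in the thread: bits of the DSA modulus p and subgroup order q.
DSA_Q_BITS = {1024: 160, 2048: 224, 3072: 256}

# Output sizes in bits of the digests named in the thread and the showpref output.
DIGEST_BITS = {"SHA1": 160, "RIPEMD160": 160, "SHA256": 256, "SHA512": 512}


def dsa_hash_value(message: bytes, hash_name: str, l_bits: int) -> int:
    """Return z, the integer that DSA signs: the leftmost min(N, outlen) hash bits."""
    n_bits = DSA_Q_BITS[l_bits]
    digest = hashlib.new(hash_name, message).digest()
    outlen = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if outlen > n_bits:
        z >>= outlen - n_bits  # discard the rightmost (low-order) bits
    return z


def classify(digest_name: str, l_bits: int) -> str:
    """Compare a digest's output size with q for the given key size."""
    n_bits = DSA_Q_BITS[l_bits]
    bits = DIGEST_BITS[digest_name]
    if bits < n_bits:
        return "shorter than q"
    return "same size as q" if bits == n_bits else "truncated to q"


if __name__ == "__main__":
    msg = b"constructed sample message"
    z = dsa_hash_value(msg, "sha512", 3072)
    print(f"SHA-512 with a 256-bit q keeps: {z:064x}")
    for name in ("SHA1", "SHA256", "RIPEMD160", "SHA512"):
        print(f"{name:10s} with a 3072-bit key: {classify(name, 3072)}")
```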