On 10/12/10 9:51 AM, John Clizbe wrote: > > If one is still using keys of the old signing default of DSA/1024, a > 160-bit hash is the only choice available. That's dictated by the > standard.
That's what I've got. > But there's no pressing need to generate a new key -- one > can just switch to using RIPEMD-160 instead of SHA-1. The fire alarm > for SHA-1 has gone off and it's time to move safely and calmly to > the exits. It's not worth panicking over, but folks should have a > transition plan in place. Which is what I'm trying to formulate. > Or one can use enable-dsa2 in GnuPG and use any of the SHA2 hashes, > they'll just be truncated down to 160 bits similarly to the > SHA-224/SHA-256 arrangement described below. Just to clarify, does this mean that SHA-256 or 512 (or whatever) truncated to 160-bits prevent the potential collision attacks that might be able to be launched against SHA-1? > One of the very important, but least notied changes in RFC 4880 was > that the WG made it much easier to amend the RFC without rewriting > the entire document. This is how Camellia was included into OpenPGP > and how ECC will most likely be included. Ah, cool. > Expect to see some movement once the new NIST hash competition is > complete. So around the end of 2012, assuming they stick to the schedule. > I just created new keys after almost 8 years, my old key was > 1024D/2048ElG. The new keys are 2048-DSA2/2048-RSA and a 3x2048-RSA > OpenPGP card. > > 3072 just felt like overkill for me. To quote Howard Tayler's _Schlock Mercenary_, "there's no such thing as overkill, only 'Open fire!' and 'I need to reload!'" :) Regards, Ben
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
