[Twisted-Python] Release questions

Tristan Seligmann mithrandi at mithrandi.net
Fri Apr 5 09:12:43 EDT 2013

On Fri, Apr 5, 2013 at 2:32 AM, Laurens Van Houtven <_ at lvh.cc> wrote:

> DSA, by default, used SHA-1; recent revisions support SHA-2. A few years
> ago, GnuPG and several big users including Debian and Apache started
> suggesting the move to RSA instead of DSA keys. The algorithms vary a bit
> in speed and signature size, but the main reason was to allow newer hash
> functions.
> That said, I'm pretty sure GPG uses a newer revision of DSA: when I left
> the defaults untouched near the end of 2012, it still seemed to prefer
> DSA/ElGamal despite the news from a few years ago. IIRC, the first version
> of the algorithm only allowed 1024 bit keys, whereas my DSA key is 3072.

DSA keys larger than 1024 bit(?) are "non-standard", but I think the bigger
issue is that DSA only supports 160-bit hashes; larger hashes will be
truncated, which means you don't gain much by using SHA-256/SHA-512/etc.
instead of SHA-1. DSA2 can handle larger hashes, but there's no real reason
to use DSA2 when RSA is so widespread. I think this is the reason the
defaults are changing (were changed?) in GnuPG.

I guess this is drifting off-topic though...

> Here's how you check what you support and in which preference:

Thanks, much more useful than my vague speculation about defaults ;)
mithrandi, i Ainil en-Balandor, a faer Ambar
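
Added example, not part of the original message: a sketch of the hash truncation discussed above, using the FIPS 186-3 rule that DSA signs only the leftmost min(N, outlen) bits of the digest, where N is the bit length of the subgroup order q. The function names are hypothetical; q sizes of 160 bits (original DSA) and 256 bits (DSA2) are used as the two cases.

```python
import hashlib


def dsa_hash_to_int(digest: bytes, q_bits: int) -> int:
    """Convert a digest to the integer DSA signs: leftmost min(N, outlen) bits."""
    outlen = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if outlen > q_bits:
        z >>= outlen - q_bits  # drop the rightmost bits; they never reach the signature
    return z


def effective_hash_bits(hash_name: str, q_bits: int) -> int:
    """Number of digest bits that actually influence the signature."""
    outlen = hashlib.new(hash_name).digest_size * 8
    return min(outlen, q_bits)


def tail_is_ignored(message: bytes, q_bits: int = 160) -> bool:
    """Flip every digest bit past q_bits and check the signed integer is unchanged."""
    digest = hashlib.sha256(message).digest()
    keep = q_bits // 8
    altered = digest[:keep] + bytes(b ^ 0xFF for b in digest[keep:])
    return dsa_hash_to_int(digest, q_bits) == dsa_hash_to_int(altered, q_bits)


def report():
    """Rows of (q_bits, hash, effective bits) for old DSA and DSA2 subgroup sizes."""
    return [
        (q_bits, name, effective_hash_bits(name, q_bits))
        for q_bits in (160, 256)
        for name in ("sha1", "sha256", "sha512")
    ]


if __name__ == "__main__":
    for q_bits, name, bits in report():
        print(f"q={q_bits:3d} bits  {name:6s} -> {bits} bits signed")
    # Constructed sample message, used only to show the truncation.
    print("SHA-256 tail ignored with 160-bit q:", tail_is_ignored(b"release-13.0.0.tar.bz2"))
```

With a 160-bit q, SHA-256 and SHA-512 contribute no more signed bits than SHA-1's output length, although the bits that are kept still come from the stronger hash function.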