Robert J. Hansen wrote:
> Noiano wrote:
>> First of all thanks for your answers, I have now clearer ideas :-).
>> For what concerns SHA-1 I read that, thanks to the collisions, an
>> attacker can modify the message but the signature verification will
>> be ok.
>
> That's not possible today. Today, it would be extraordinarily difficult
> to forge the message. However, that's no guarantee it will be
> extraordinarily difficult in six months or a year.
>
> It is best to migrate away from SHA-1 right now.

In my OpenPGP preferences in Thunderbird I've tried to set sha-256 but I
got an error saying it was only possible to use sha-128. What went wrong?

>
>> By the way I am thinking of creating an RSA key pair (with RSA subkey)
>> as I am willing to buy a smart card kit. However you told the very
>> standard algorithm is DSA/Elgamal so what should I do? Create two
>> key pairs? An RSA one and a DSA/Elgamal one?
>
> Don't buy a smart card unless you need a smart card. Most smart cards
> limit themselves to RSA-1024.

0_0 I didn't know that....what bad news!

> Distributed key cracking plus the
> constant forward march of mathematical progress means it's possible
> RSA-1024 will fall in the next five years.

DSA keysize is 1024 and cannot be changed. Do the considerations above
apply to a DSA key?

>
> If you need a smart card, by all means, get one. If you don't, you're
> probably better off without one, because it gives you more possibilities.
>
> Insofar as what I think you should do, my advice is unchanged. Stick
> with the defaults. I genuinely do not understand why people spend hours
> upon hours laboriously deciding whether to use a DSA or an RSA key.
> Drop "enable-dsa2" in your gpg.conf, set your personal hash preferences
> to use SHA256, and create a default key. Done!
>
>> One more thing: the key expiry. Do you think that setting the expiry
>> date after a year or two is a good choice? Or is it better not to set an
>> expiry date and revoke the key when necessary?
>
> For most personal/home users, expiration is not necessary.

Thanks again
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
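
Added example, not part of the original message or of GnuPG: a small check that a gpg.conf carries the two settings advised in the quoted reply ("enable-dsa2" and SHA256 as the first personal hash preference). The function name audit_gpg_conf and the sample configs are constructed for illustration; personal-digest-preferences is assumed to be the gpg.conf option behind "personal hash preferences".

```shell
#!/bin/sh
# Hypothetical helper: prints one finding per line and returns non-zero
# when the file does not match the advice quoted in the thread.
audit_gpg_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "enable-dsa2" { dsa2 = 1 }
        $1 == "personal-digest-preferences" {
            seen = 1
            # Only the first entry matters here: it is the preferred digest.
            if (toupper($2) != "SHA256") {
                printf "line %d: first digest preference is %s, not SHA256\n", NR, $2
                bad++
            }
        }
        END {
            if (!dsa2) { print "enable-dsa2 is not set"; bad++ }
            if (!seen) { print "personal-digest-preferences is not set"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample configs (not taken from the thread).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# enable-dsa2' \
        'personal-digest-preferences SHA1 SHA256' > "$dir/weak.conf"
    printf '%s\n' 'enable-dsa2' \
        'personal-digest-preferences SHA256' > "$dir/ok.conf"
    for f in weak ok; do
        echo "== $f.conf"
        audit_gpg_conf "$dir/$f.conf" && echo "matches the advice"
    done
    rm -rf "$dir"
}
demo
```

A commented-out "enable-dsa2" line counts as unset, which is the case the first sample config exercises.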