>As of 1.4.8 and 2.0.8, and subject to change in future versions: > >Cipher: AES256, AES192, AES, CAST5, 3DES >Hash: SHA1, SHA256, RIPEMD160 >Compression: ZLIB, BZIP2, ZIP, None
You are absolutely correct about these settings. Perhaps this should be included in documentation (and changed when needed), since I would consider these to be the default settings for cipher, hash, and compression choice. >All the --enable-dsa2 switch >does (and again, it's off by default in 1.4.8 and 2.0.8), is allow you >to generate a DSA key that is larger than 1024 bits or has a hash >larger than 160 bits. This seems peculiar to me. Why is this setting turned off by default? I'm not at war with anyone in these forums, but many have acknowledged the shortcomings of using 160 bit hashes -- at least with the SHA1 hash. In the same vain, aren't keys sizes larger than 1024 bits actually now recommended? The default fallback allows the creation of a 1024 bit DSA key utilizing the SHA-1 hash -- the preferred preference. Again I know nothing about cryptography but based on the links provided by users' of this forum, it would seem that the choice or a larger DSA key and different hash would be preferable?. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users