Hey sluggers, do you have experience of any problems using gpg's
--disable-dsa2 option?
gnupg 1.4.6 is what I am using (Ubuntu 8.04), although later today I
should have a chroot for Ubuntu 10.04 if that makes any difference.
--disable-dsa2
Enables new-style DSA keys which (unlike the old style) may be
larger than 1024 bit and use hashes other than SHA-1 and
RIPEMD/160. Note that very few programs currently support these
keys and signatures from them.
I have only ever given my current key to about three people, and my
root master/ private key has an old email address from 12+ years ago
which I wish to make disappear.
So I am going to create a new master key (pair).
Having just re-read the Gnu Privacy Handbook (GPH), it says:
"DSA allows a key size up to 1024 bits. This is not especially good
given today's factoring technology, but that is what the standard
specifies. Without question, you should use 1024 bit DSA keys."
Is there any reason I should not use --disable-dsa2 ?
tia
zenaan
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
