RSA or DSA? That's the question
noiano at x-privat.org
Fri Sep 7 22:09:26 CEST 2007
Robert J. Hansen wrote:
> Noiano wrote:
>> First off all thanks for your answers, I have now clearer ideas :-).
>> For what concerns SHA-1 I read that, thanks to the collisions, an
>> attacker can modify the message but the signature verification well
>> be ok.
> That's not possible today. Today, it would be extraordinarily difficult
> to forge the message. However, that's no guarantee it will be
> extraordinarily difficult in six months or a year.
> It is best to migrate away from SHA-1 right now.
In my openpgp preferences in thunderbird I've tried to set sha-256 but I
got an error saying it was only possible to use sha-128. What went wrong?
>> By the way I am thinking on creating a rsa key pair (with rsa subkey)
>> as I am willing to buy a smart card kit. However you told the very
>> standard algorithm is DSA/Elgamail so what should I do? Create two
>> key pair? A rsa one and a dsa/elgamail one?
> Don't buy a smart card unless you need a smart card. Most smart cards
> limit themselves to RSA-1024.
0_0 I didn't know that....what a bad news!
Distributed key cracking plus the
> constant forward march of mathematical progress means it's possible
> RSA-1024 will fall in the next five years.
DSA keysize is 1024 and cannot be changed. Does the considerations above
apply to a dsa key?
> If you need a smart card, by all means, get one. If you don't, you're
> probably better off without one, because it gives you more possibilities.
> Insofar as what I think you should do, my advice is unchanged. Stick
> with the defaults. I genuinely do not understand why people spend hours
> upon hours laboriously deciding whether to use a DSA or an RSA key.
> Drop "enable-dsa2" in your gpg.conf, set your personal hash preferences
> to use SHA256, and create a default key.
>> One more thing: the key expiry. Do you think that setting the expiry
>> date after a year or two is a good choice? Or is better not to set a
>> expiry date and revoke the key when necessary?
> For most personal/home users, expiration is not necessary.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070907/faedd81f/attachment.pgp
More information about the Gnupg-users