Will DSS keys still be preferred over RSA in a few months?

Sun, 9 Jul 2000 12:01:07 -0400

On Sun, Jul 09, 2000 at 11:36:43AM -0400, Ulf Möller wrote:

> but is unauthenticated. That means that it is sufficient to find a

> collision in any one of the supported OpenPGP hash functions

> (which include MD5 and MD2) to forge a DSA signature.

That's not exactly accurate. Anyway, on the bottom line, OpenPGP RSA
allows the signer to choose the (best) hash algorithm, and OpenPGP DSA
allows the attacker to choose the (worst) hash algorithm.