Will DSS keys still be preferred over RSA in a few months?

Ulf Möller ulf at fitug.de
Sun Jul 9 13:01:07 CEST 2000

On Sun, Jul 09, 2000 at 11:36:43AM -0400, Ulf Möller wrote:

> but is unauthenticated. That means that it is sufficient to find a
> collision in any one of the supported OpenPGP hash functions
> (which include MD5 and MD2) to forge a DSA signature.

That's not exactly accurate. Anyway, on the bottom line, OpenPGP RSA
allows the signer to choose the (best) hash algorithm, and OpenPGP DSA
allows the attacker to choose the (worst) hash algorithm.

More information about the Gnupg-devel mailing list