Will DSS keys still be preferred over RSA in a few months?

L. Sassaman rabbi at quickie.net
Mon Jul 10 11:04:08 CEST 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 9 Jul 2000, [iso-8859-1] Ulf Möller wrote:

> On Sun, Jul 09, 2000 at 11:36:43AM -0400, Ulf Möller wrote:
> 
> > but is unauthenticated. That means that it is sufficient to find a
> > collision in any one of the supported OpenPGP hash functions
> > (which include MD5 and MD2) to forge a DSA signature.
> 
> That's not exactly accurate. Anyway, on the bottom line, OpenPGP RSA
> allows the signer to choose the (best) hash algorithm, and OpenPGP DSA
> allows the attacker to choose the (worst) hash algorithm.

Please explain this further. First of all, there is no difference between
"RSA" and "DSA" key usage in OpenPGP. I think that what you mean to
compare here is "v3" and "v4" keys. Is that correct?

Secondly, there is a self-signature preference for hash algorithms. It
would be very easy for an implementation to declare a signature "BAD" if a
hash was used that was not expressly permitted in the signing key's
self-signature pref for hashes. This, I think, is a worthwhile thing to
suggest to the working group.


__

L. Sassaman

System Administrator                |  
Technology Consultant               |  "Credo quia absurdum."
icq.. 10735603                      |  
pgp.. finger://ns.quickie.net/rabbi |          --Tertullian 







-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5agIRPYrxsgmsCmoRArEOAKCroyCh02vlE9j/3qdtAKsn46awewCgiSpM
v+qozpxx2kRKNSI/DEvGQIc=
=Gt2H
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list