DSA2

Robert J. Hansen rjh at sixdemonbag.org
Wed Sep 27 02:01:30 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Carlo Luciano Bianco wrote:
> Needless to say, I completely agree with both you and Werner on this.
> This discussion about "balancing" security is very interesting [at
> least for me... ;-)] from a theoretical point of view. I know very
> well that using this extra-large keys does not add any security in
> real life. 

There's a contrary view, which says that balancing cryptosystem
components is an unnecessary distraction.  This contrary view says that
each component of a system should be built to meet or exceed security
requirements while meeting or exceeding performance and usability
requirements.  As long as each component is in that sweet spot, then
you're great.

For instance, I use SHA512 for my signatures.  I do so for two reasons:
(a) when I was entering my digest preferences I accidentally set SHA512
first, and (b) I haven't bothered to correct it yet.

The reason why such an 'unbalanced' system is of no concern to me is
simple: (a) none of my correspondents have complained about the size of
my signatures and (b) using SHA512 is just as convenient and quick as
using SHA256.

Anyway, please don't think I'm saying balanced systems are problematic
or silly or anything else.  All I'm saying is there's more than one way
to interpret security best practices.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCgAGBQJFGb9aAAoJELcA9IL+r4EJ+0YIAKN1RHpEtumxAMg75E+T7Q5I
X2ofYUcmoFbyqNJLw5FXk7P35hhibY0ienY3+kMQLe1kTzY0+Sq64gU0BgWhUv6m
xuPI8VABSXfPI5XKfiDhTZR+7w6Ige/oibyUdHWRrjas7XOY5qa5M6QbSAfKUIkN
OfJGH6Wc7+fepm91/IEGakrmlMqfb1B9Qx0odoQSQq3Ur9nEAFlIA8JByhivfPIf
4rg50R6nmyptGKyf87gx3hWBQedXlmZQ+rNrzGjv7D4XUTV4EQ9BvSeoRPOXzjDP
/Ku7P5RXzbmOMQlwZEXUo75Emef2qkINmMMchjylsI36MrL7V5xmPoIDY5KlY78=
=vp6Q
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list