DSA2
David Shaw
dshaw at jabberwocky.com
Wed Sep 27 06:57:39 CEST 2006
On Tue, Sep 26, 2006 at 07:01:30PM -0500, Robert J. Hansen wrote:
> Carlo Luciano Bianco wrote:
> > Needless to say, I completely agree with both you and Werner on this.
> > This discussion about "balancing" security is very interesting [at
> > least for me... ;-)] from a theoretical point of view. I know very
> > well that using these extra-large keys does not add any security in
> > real life.
>
> There's a contrary view, which says that balancing cryptosystem
> components is an unnecessary distraction. This contrary view says that
> each component of a system should be built to meet or exceed security
> requirements while meeting or exceeding performance and usability
> requirements. As long as each component is in that sweet spot, then
> you're great.

Indeed. I'm not even sure this is a "contrary" view, as it is very
compatible with the idea of balance. There is nothing invalid about an
8192-bit RSA key making SHA-1 signatures. It just means that the
signature has at most 80 bits of strength. The signer could have used
a 1024-bit RSA key and gotten the same 80 bits of strength, but that
doesn't make the 8192-bit signature wrong (just large).

David