Plain Elgamal keys
Sat, 4 Sep 1999 11:58:36 +0200
Maitre Jedi Yoda <firstname.lastname@example.org> writes:
> I don't realy understand the FAQ about the key-size.
> If I usea plain Elgamal key what (an why) size should I chose?
> Is Plain Elgamal a complete alternative to RSA ?
Yes, but DSA/Elgamal is better. It does not make sense to use a
signing key of more than 1024 bits as the probability of breaking this
one is believed to be even to the one of breaking a 160 bit hash. And
we don't have a really greate hash algorithm today. I know that the
NSA is working on one ... bit they didn't comment on when they will
release this peace of work - and then we need some time for the
academic cryptographers to scrutinizes this algorithm, so that we
don't have SHA-0 problem. Well, it may take some years.
Combining differen hash algorithms to yield a larger disgest may be a
way, but there is not much research on this issue and it may make the
I really suggest to stick to DSA/ElGamal for now. BTW, PGP is not
able to handle these keys nor to create them.
Werner Koch at guug.de www.gnupg.org keyid 621CC013