Compatibility

[L. Sassaman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 16 Apr 2000, Johan Wevers wrote:

> Werner Koch wrote:
> 
> > And with a good reason.  2 years back most folks agredd on that RSA is
> > a bad thing.
> 
> Due to legal or due to technical reasons? I believe that most cryptographers
> believe that when you crack one algorithm you can probably also crack the
> other so I guess it are non-technical reasons.

Mainly non-technical. In order to use RSA in the US, you need to either
use BSAFE (with a license) or RSAREF (for free). PGP used to have a
custom-written RSA implementation that was a lot faster than BSAFE, but we
can't use it. Yet. :)

Also, v3 keys aren't as good as v4 keys. With v4 keys, you can have
a different key for signing then for encrypting (actually, it is necessary
if you choose to use DSS as the signing key). RSA v4 keys are possible as
well, and pose no real security advantages or disadvantages; two RSA keys
are created, and one is designated the signing key and the other the
encrypting key. So it isn't really RSA the algorithm that is the problem,
it is v3 keys and the RSA legal mess. Both of which are going away.


- --Len.

__

L. Sassaman

System Administrator                |  
Technology Consultant               |   [This space for rent]
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |  



-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjj6dx4ACgkQPYrxsgmsCmpoygCfVweUu8NsH4NL2keY7UE0LvTh
pE8AoLt/VEfj8/q14sGGTWm9JV9E48Xz
=g0qv
-----END PGP SIGNATURE-----