L. Sassaman
Sun, 16 Apr 2000 19:29:34 -0700 (PDT)

Hash: SHA1

On Sun, 16 Apr 2000, Johan Wevers wrote:

> Werner Koch wrote:
> > And with a good reason. 2 years back most folks agredd on that RSA is
> > a bad thing.
> Due to legal or due to technical reasons? I believe that most cryptographers
> believe that when you crack one algorithm you can probably also crack the
> other so I guess it are non-technical reasons.
Mainly non-technical. In order to use RSA in the US, you need to either use BSAFE (with a license) or RSAREF (for free). PGP used to have a custom-written RSA implementation that was a lot faster than BSAFE, but we can't use it. Yet. :) Also, v3 keys aren't as good as v4 keys. With v4 keys, you can have a different key for signing then for encrypting (actually, it is necessary if you choose to use DSS as the signing key). RSA v4 keys are possible as well, and pose no real security advantages or disadvantages; two RSA keys are created, and one is designated the signing key and the other the encrypting key. So it isn't really RSA the algorithm that is the problem, it is v3 keys and the RSA legal mess. Both of which are going away. - --Len. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger:// | -----BEGIN PGP SIGNATURE----- Comment: For info see iEYEARECAAYFAjj6dx4ACgkQPYrxsgmsCmpoygCfVweUu8NsH4NL2keY7UE0LvTh pE8AoLt/VEfj8/q14sGGTWm9JV9E48Xz =g0qv -----END PGP SIGNATURE-----