# RSA / DSS (keylenghts)

**Pete Chown
**
Pete.Chown@skygate.co.uk

*Thu, 21 Sep 2000 17:53:38 +0100*

Ralf Senderek wrote:

>* if you double the size of a DSS-key not one additional secret key value
*

>* is added because the amount of possible secret keys is limited by the
*

>* size of the hash-function (160 bits), Only the mathematical operation
*

>* will use a longer key (as modulus) and consequently takes more time.
*

This is true, but hopefully it makes cryptanalysis more difficult. By
the time you get to a 1024-bit modulus, it will take roughly the same
amount of time to solve either of the two possible discrete logarithm
problems. With a 512-bit modulus, it is (counterintuitively) much
easier to attack the 512-bit discrete logarithm problem rather than
the 160-bit one, because they have different characteristics. (I am
sure you already knew that though.)
There is no reason why you couldn't have a DSA key longer than 1024
bits (that I am aware of). However, to get any benefit from this you
would need to make the other modulus longer than 160 bits. This would
mean using a hash function other than SHA-1, for example Tiger/192.
--
Pete
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org