cypher algorithm - which one?

David Shaw
Sat Nov 2 16:20:01 2002

On Fri, Nov 01, 2002 at 07:30:31PM +0300, lomax wrote:
> hi David,
> Thursday, October 31, 2002, 1:01:50 AM, you wrote:
> DS> If speed doesn't matter, and you want the safest choice, then that's
> DS> 3DES.  It's been around the longest, and it's withstood more
> DS> challenges than any other cipher.
> DS> See for more.
> thnx, for your advice, the page is really good. now, I got one more
> question - regarding the public key algorithms.
> the web page is little bit outdated and also I didn't really get it. I
> got the impression, that they favour DSS/DH [which is, I hope, the
> same as the DSA in the gnupg]. but on the other hand, it's possible to
> use only 1024bit [or when combined with the ElGamal - 2048bit] key.
> for the RSA the key-lenght goes up to 16384bit.
> is 1024[2048] future-proof? [comparing to a RSA4096 for example]

It's a difficult question, because it's sort of an apples-and-oranges
comparison.  It really depends on what you are using the key for.  a
1024bit DSA signing key is generally felt to be more or less as secure
as the 160-bit hash that it uses.  If you make a bigger DSA (and this
is technically possible, though GnuPG and PGP follow the spec and stop
after 1024), you still have that 160-bit hash as your weak point.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson