[Q] DSA 1024-bit limit.
Tue May 13 05:48:02 2003
On Mon, May 12, 2003 at 08:09:08PM -0400, Daniel Carrera wrote:
> Hello all,
> I was thinking about the DSA 1024-bit limit. Is that something I should
> be worried about? Is there any hope that this limit will be fixed in the
> foreseeable future?
> If having a 1024-bit key now is cause for concern, then it will become a
> real problem in a few years.
> From the resources people gave me I found some reasoning as to why signing
> keys can afford to be less secure. But I'd still be happier if they were

The DSA 1024-bit limit is not really a problem in practice. DSA is
also limited to a 160-bit hash which is (some arm waving here) around
as "strong" as the 1024-bit key. If you made a larger DSA key, then
the hash would become the weak point, and you didn't really gain

If you don't want to be limited to a 1024-bit signing key, don't use
DSA. You can make an RSA signing key up to 4096 bits without any
special hackery. There are drawbacks to this (such as a truly massive
signature size), but it's a good way to get a larger key size.

Some people (like me) have a 4096-bit RSA signing key, but use a
1024-bit DSA subkey for day to day use.

On Mon, May 12, 2003 at 08:28:26PM -0400, Daniel Carrera wrote:
> On a related note. Is there any way that I can create a second key-pair
> that has a signing key with more than 1024 bits?
> I know that this wouldn't comply with the DSA standard, but if I am in a
> situation where I truly need security I might decide that I don't care
> about the standard. Having the option of a larger key would help my peace
> of mind.

The problem with not caring about the standard is you can issue
massive signatures with a large DSA key.... but who is going to be
able to verify them?
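
The balance argument in the reply above, worked through as an added example (not part of the original message and not GnuPG code). It assumes the textbook number field sieve estimate with the o(1) term dropped and the square-root bound for a 160-bit hash/subgroup; the function names are hypothetical and the figures are rough heuristics.

```python
import math


def gnfs_bits(modulus_bits: int) -> float:
    """Heuristic number field sieve work factor, in bits, for a modulus size.

    Evaluates L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, so the
    result is a rough estimate, not a precise attack cost.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def generic_bits(q_bits: int) -> float:
    """Square-root bound: collisions on a q_bits-bit hash, or Pollard rho in
    a subgroup of q_bits-bit order, cost about 2^(q_bits / 2) operations."""
    return q_bits / 2


def dsa_strength(p_bits: int, q_bits: int):
    """Return (estimated bits, limiting component) for a DSA-style key with a
    p_bits-bit modulus and a q_bits-bit hash/subgroup."""
    modulus = gnfs_bits(p_bits)
    generic = generic_bits(q_bits)
    if generic <= modulus:
        return generic, "hash/subgroup"
    return modulus, "modulus"


if __name__ == "__main__":
    # Standard DSA (1024/160) next to hypothetical larger moduli that keep
    # the 160-bit hash: the estimate stays at about 80 bits in every row.
    for p_bits, q_bits in [(1024, 160), (2048, 160), (4096, 160)]:
        bits, limit = dsa_strength(p_bits, q_bits)
        print(f"p={p_bits:4d} q={q_bits}: modulus ~{gnfs_bits(p_bits):5.1f} bits, "
              f"overall ~{bits:.0f} bits (limited by {limit})")
```
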