[Q] DSA 1024-bit limit.
Daniel Carrera
dcarrera@math.umd.edu
Tue May 13 16:44:03 2003
> Some people (like me), have a 4096-bit RSA signing key, but use a
> 1024-bit DSA subkey for day to day use.
I'm interested. How can I do that?
I already have a "key chain" (is that what you call it?). Do I need to
start over?
> The problem with not caring about the standard is you can issue
> massive signatures with a large DSA key.... but who is going to be
> able to verify them?
Well, I was thinking of my wanting to communicate with one single person
using more security than that afforded by DSA. I'd just make sure that
this one person can read my non-compliant key and I'd just use a compliant key
with the rest of the world.
But no need. I can have a large RSA key for cases where I want the extra
security and a DSA key for day-to-day use.
Is there a limit on how large an RSA signing key can be?
How large should it be to be comparable to my 2048-bit ElGamal key?
I know that, for encryption, RSA is thought to be only a little less
secure than ElGamal. So I guess a 2048-bit RSA key will do. Unless
there's something about key-signing that I'm not aware of.
Thanks for the help.
--
Daniel Carrera | OpenPGP fingerprint: | DSA KeyID:
Graduate TA Math Dept. | C678 4F28 6418 6A62 F186 | 0x0FEBCEC3
UMD (301) 405-5137 | 98FC 9E04 B9A0 0FEB CEC3 |