[Q] DSA 1024-bit limit.
Daniel Carrera
dcarrera@math.umd.edu
Wed May 14 23:24:02 2003
On Wed, May 14, 2003 at 07:00:11PM +0200, Werner Koch wrote:
> It can't be said often enough: Cryptography is only as strong as the
> weakest subsystem. So compare the probabilities of, say:
>
> * breaking of the hash algorithm (SHA-256 is still quite new)
Does RSA signing use the same hash algorithm?
Is the security of SHA-256 believed to be comparable to 1024-bit ElGamal
(as the second component of DSA)?
> * physical access to your key (rubber hose attack or a hired
> burglar)
Since my key is encrypted in my hard drive, getting access to it should
not compromise my key, correct?
So a hired burglar shouldn't do much good, right? (assuming I have a good
enough password of course).
> * a BIOS of your box or a clever CPU (think Transmeta) identifying
> secret keys and posting them to a newsgroup.
>
> * a rogue OS
>
> * a trojan
Doesn't the encryption of the key take care of these?
> If you can truly identify the length of the key as a worrisome fact,
> you may want to give up the nice short DSA signature for large RSA
> signature blobs.
I'm still hoping to learn how I can use two different signing keys.
Once I have my two keys, how can I switch from signing with one to the
other?
--
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | C678 4F28 6418 6A62 F186 98FC 9E04 B9A0 0FEB CEC3
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp/key.html