[Q] DSA 1024-bit limit.
Wed May 14 23:24:02 2003
Content-Type: text/plain; charset=us-ascii
On Wed, May 14, 2003 at 07:00:11PM +0200, Werner Koch wrote:
> It can't be said often enough: Cryptography is only as strong as the
> weakest subsystem. So compare the probabilities of, say:
> * breaking of the hash algorithm (SHA-256 is still quite new)
Does RSA signing use the same hash algorithm?
Is the security of SHA-256 believed to be comparable to 1024-bit ElGamal=20
(as the second component of DSA)?
> * physical access to your key (rubber hose attack or a hired
Since my key is encrypted in my hard drive, getting access to it should=20
not compromise my key, correct?
So a hired burgler shouldn't do much good, right? (assuming I have a good=
enough password of course).
> * a BIOS of your box or a clever CPU (think Transmeta) identifying
> secret keys and posting them to a newsgroup.
> * a rogue OS
> * a trojan
Doesn't the encryption of the key take care of these?
> If you can truly indentify the length of the key as a worrisome fact,
> you may want to give up the nice short DSA signature for large RSA
> signature blobs.
I'm still hoping to learn how I can use two different signing keys.
Once I have my two keys, how can I switch from signing with one to the=20
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | C678 4F28 6418 6A62 F186 98FC 9E04 B9A0 0FEB CEC3
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp/key.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
-----END PGP SIGNATURE-----