[Q] DSA 1024-bit limit.

Daniel Carrera dcarrera@math.umd.edu
Wed May 14 23:24:02 2003 

--opJtzjQTFsWo+cga
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 14, 2003 at 07:00:11PM +0200, Werner Koch wrote:
> It can't be said often enough:  Cryptography is only as strong as the
> weakest subsystem.  So compare the probabilities of, say:
>=20
>   * breaking of the hash algorithm (SHA-256 is still quite new)

Does RSA signing use the same hash algorithm?
Is the security of SHA-256 believed to be comparable to 1024-bit ElGamal=20
(as the second component of DSA)?

>   * physical access to your key (rubber hose attack or a hired
>     burgler)

Since my key is encrypted in my hard drive, getting access to it should=20
not compromise my key, correct?
So a hired burgler shouldn't do much good, right? (assuming I have a good=
=20
enough password of course).

>   * a BIOS of your box or a clever CPU (think Transmeta) identifying
>     secret keys and posting them to a newsgroup.
>=20
>   * a rogue OS
>=20
>   * a trojan

Doesn't the encryption of the key take care of these?


> If you can truly indentify the length of the key as a worrisome fact,
> you may want to give up the nice short DSA signature for large RSA
> signature blobs.

I'm still hoping to learn how I can use two different signing keys.
Once I have my two keys, how can I switch from signing with one to the=20
other.

--=20
Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | C678 4F28 6418 6A62 F186 98FC 9E04 B9A0 0FEB CEC3
UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp/key.html

--opJtzjQTFsWo+cga
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)

iQEVAwUBPsK0MZMuikfjyo+uAQIKYwf/SDKr7dFCuLquJ70l0V7xLq+e1tRvOs5Q
7cQoCSv5+mi1vQ6qleiuDYQspQ34yuyEoGMR4Fp6oTz/grQ7X0arTGzF0/vEawrq
nQ+c9YY3sDYbpMJPCv5zyU4TWeAxTt/s5ds+lTzU6dQ8r4as9VXVDbK6du/l+Ltl
xYvIwmDbw8QR42lfPdpNAg6JxeOfeTbDcaA+m4jD9R0DfiYndmZyVlHx7V1snuoc
7vwiZ56l2E5JESFqJUGyQZNnt8hw78P2tmyIokOO8w3MJf53jL0BB8KCv3ILyCCa
7vvHjQFVD/FRsVU2UMMGfNyU4B/VYaQJxCcD8Ky5e+mf1OizgziPjw==
=92MX
-----END PGP SIGNATURE-----

--opJtzjQTFsWo+cga--