[Q] DSA 1024-bit limit.

Daniel Carrera dcarrera@math.umd.edu
Wed May 14 23:24:02 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 14, 2003 at 07:00:11PM +0200, Werner Koch wrote:
> It can't be said often enough:  Cryptography is only as strong as the
> weakest subsystem.  So compare the probabilities of, say:
>   * breaking of the hash algorithm (SHA-256 is still quite new)

Does RSA signing use the same hash algorithm?
Is the security of SHA-256 believed to be comparable to 1024-bit ElGamal=20
(as the second component of DSA)?

>   * physical access to your key (rubber hose attack or a hired
>     burgler)

Since my key is encrypted in my hard drive, getting access to it should=20
not compromise my key, correct?
So a hired burgler shouldn't do much good, right? (assuming I have a good=
enough password of course).

>   * a BIOS of your box or a clever CPU (think Transmeta) identifying
>     secret keys and posting them to a newsgroup.
>   * a rogue OS
>   * a trojan

Doesn't the encryption of the key take care of these?

> If you can truly indentify the length of the key as a worrisome fact,
> you may want to give up the nice short DSA signature for large RSA
> signature blobs.

I'm still hoping to learn how I can use two different signing keys.
Once I have my two keys, how can I switch from signing with one to the=20

Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | C678 4F28 6418 6A62 F186 98FC 9E04 B9A0 0FEB CEC3
UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp/key.html

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.2 (SunOS)