[Q] DSA 1024-bit limit.
Werner Koch
wk@gnupg.org
Thu May 15 14:46:02 2003
On Wed, 14 May 2003 17:25:08 -0400, Daniel Carrera said:
> Does RSA signing use the same hash algorithm?
> Is the security of SHA-256 believed to be comparable to 1024-bit ElGamal
> (as the second component of DSA)?
As is quite usual in cryptography: We don't know exactly. We can only
guess. SHA-256 is much newer than SHA-1 and thus not as well matured.
It is however believed to be strong enough and it increases the
possibility of a birthday attack (which limits the useful length of
SHA-1 to 80 bits). SHA-256 et al are required to match the
capabilities of AES.
> Since my key is encrypted in my hard drive, getting access to it should
> not compromise my key, correct?
> So a hired burglar shouldn't do much good, right? (assuming I have a good
> enough password of course).
It is unlikely that your passphrase is good enough to be compared
against a 1024 bit DSA key. We are humans and must type them in.
Anyway, the three letter agencies usually visit your place two times:
to install a key logger and later to collect what it has gathered.
>> * a BIOS of your box or a clever CPU (think Transmeta) identifying
>> secret keys and posting them to a newsgroup.
>>
>> * a rogue OS
>>
>> * a trojan
> Doesn't the encryption of the key take care of these?
The CPU decrypts the key and thus at some point it is available in
plaintext. A good passphrase in general gives you some time to detect
a compromised key and to distribute a revocation. Trojans can easily
log all keystrokes.
Shalom-Salam,
Werner
--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi
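
Added example, not part of the original message: a small Python demonstration of the birthday bound mentioned in the reply, showing that an n-bit hash yields a collision after roughly 2^(n/2) hashes, which is why SHA-1's 160 bits give about 80 bits of collision resistance. The truncation widths, message strings and function names are constructed for illustration.

```python
import hashlib
import math

def truncated_sha1(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-1(data) as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)

def find_collision(bits: int):
    """Birthday search over distinct constructed messages.

    Hashes counter-based messages until two of them share the same
    truncated digest. Returns (msg_a, msg_b, attempts).
    """
    seen = {}          # truncated digest -> first message that produced it
    attempts = 0
    while True:
        msg = b"constructed-message-%d" % attempts
        attempts += 1
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, attempts
        seen[tag] = msg

def expected_attempts(bits: int) -> float:
    """Approximate mean number of hashes before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

def collision_security_bits(digest_bits: int) -> int:
    """Generic collision resistance of an ideal hash: half the digest length."""
    return digest_bits // 2

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = find_collision(bits)
        print(f"{bits}-bit digest: collision after {n} hashes "
              f"(birthday estimate ~{expected_attempts(bits):.0f}, "
              f"exhaustive space {2 ** bits})")
        print(f"  {a!r} and {b!r} -> {truncated_sha1(a, bits):#x}")
    # Extrapolating the same square-root law to full-length digests:
    for name, size in (("SHA-1", 160), ("SHA-256", 256)):
        print(f"{name}: {size}-bit digest, about "
              f"{collision_security_bits(size)} bits against collisions")
```

The measured attempt counts stay near the square root of the digest space rather than the space itself; at full length the same law gives 80 bits for SHA-1 and 128 bits for SHA-256, the latter matching a 128-bit AES key.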