Looking for Elgamal sign+encrypt key information

Atom 'Smasher' atom-gpg at suspicious.org
Wed Mar 17 01:45:58 CET 2004

Hash: SHA1

> The arguments against >1024bit signatures basically boil down to... why
> bother, ugly signatures, probably isn't any point.  Really, then, why do
> we all use GnuPG/PGP?  For 99% of us, it's probably 80% coolness factor,
> with 20% paranoia/what-if/why not tossed in.  The very arguments I tend
> to hear against >1024-bit signature keys are the very arguments against
> GnuPG/PGP itself.  Why bother.  Ugly signatures.  Probably doesn't
> matter anyways.
> Even if it's mostly coolness-factor causing you to use it, my
> suggestion: if you're going to use it, then USE it.  And lobby, as
> users, for the algorithms, protocols, and standards that offer real
> protection.

damn good point.

now, if DSS/DSA was modified to handle 4K keys and 0.5K hashes, that would
give us what, 5-6 lines of signature? i can deal with that....

OTOH, just because it's possible to use 10K+ keys, at ~some~ point even
the clinically paranoid user would say "that's too big." DSS/DSA doesn't
currently suffer from a "that's too big" problem, since 1K keys are on the
low end of what's currently considered to be a prudent key size.

since you mention lobbying for the algorithms, protocols, and standards
that offer real protection, i'll ask the list, again, what's the current
status of DSS/DSA variants that allow larger keys and hashes? when will
this become a standard that can be used in "end products" like gpg? should
the current openPGP draft be including a "reserved" status for such


 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"As a cryptography and computer security expert,
	 I have never understood the current fuss about
	 the open source software movement. In the
	 cryptography world, we consider open source
	 necessary for good security; we have for decades.
	 Public security is always more secure than
	 proprietary security. It's true for cryptographic
	 algorithms, security protocols, and security
	 source code. For us, open source isn't just a
	 business model; it's smart engineering practice."
		-- Bruce Schneier, 15 Sep 1999
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures


More information about the Gnupg-users mailing list