Looking for Elgamal sign+encrypt key information
Atom 'Smasher'
atom-gpg at suspicious.org
Wed Mar 17 01:45:58 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> The arguments against >1024bit signatures basically boil down to... why
> bother, ugly signatures, probably isn't any point. Really, then, why do
> we all use GnuPG/PGP? For 99% of us, it's probably 80% coolness factor,
> with 20% paranoia/what-if/why not tossed in. The very arguments I tend
> to hear against >1024-bit signature keys are the very arguments against
> GnuPG/PGP itself. Why bother. Ugly signatures. Probably doesn't
> matter anyways.
>
> Even if it's mostly coolness-factor causing you to use it, my
> suggestion: if you're going to use it, then USE it. And lobby, as
> users, for the algorithms, protocols, and standards that offer real
> protection.
============================
damn good point.
now, if DSS/DSA was modified to handle 4K keys and 0.5K hashes, that would
give us what, 5-6 lines of signature? i can deal with that....
OTOH, just because it's possible to use 10K+ keys, at ~some~ point even
the clinically paranoid user would say "that's too big." DSS/DSA doesn't
currently suffer from a "that's too big" problem, since 1K keys are on the
low end of what's currently considered to be a prudent key size.
since you mention lobbying for the algorithms, protocols, and standards
that offer real protection, i'll ask the list, again, what's the current
status of DSS/DSA variants that allow larger keys and hashes? when will
this become a standard that can be used in "end products" like gpg? should
the current openPGP draft be including a "reserved" status for such
signatures?
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"As a cryptography and computer security expert,
I have never understood the current fuss about
the open source software movement. In the
cryptography world, we consider open source
necessary for good security; we have for decades.
Public security is always more secure than
proprietary security. It's true for cryptographic
algorithms, security protocols, and security
source code. For us, open source isn't just a
business model; it's smart engineering practice."
-- Bruce Schneier, 15 Sep 1999
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
iD4DBQFAV5/MnCgLvz19QeMRArfGAJwPtP+vTlE8wzAaASXq+dv8qtrUPACYjTy2
eGKz0T6PpoFvpUuGO4UP0A==
=Mfgc
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list