DSA and ECC (was: Looking for Elgamal sign+encrypt key information)

Per Tunedal Casual pt at radvis.nu
Tue Mar 23 14:28:52 CET 2004

At 05:01 2004-03-22, you wrote:
 >Len Sassaman wrote:
 >One of the given reasons for incorporation of rDSA
 >and ECDSA into the new DSS is the key length restriction of DSA.  If DSA
 >falls into disuse, then without rDSA or ECDSA, there will be no
 >signature standard in OpenPGP at all.
The current DSA will in a few years time be depreciated because of too 
short signing keys. What's the reason not to include rDSA i OpenPGP? I 
think it's important to have a modern signature standard in OpenPGP. 
Products bases on OpenPGP cannot be marketed to e.g. US government if 
standard algos are missing.

I don't know the reasons why the new DSS doesn't include the "old" RSA 
signature algo (used in OpenPGP), but rather the new rDSA. The difference 
seems to be that the new rDSA is using an other hash, MDC-2 (patented). 
What's the advantage?

If MDC-2 is applied with DES as block cipher the hash is only 2x64=128 
bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a 
longer hash would be needed to make any use of longer signing keys. With 
the "old" RSA signature algo a much longer hash can be used e.g. the 
forthcoming SHA-256.

Per Tunedal

More information about the Gnupg-users mailing list