DSA and ECC (was: Looking for Elgamal sign+encrypt key information)
Per Tunedal Casual
pt at radvis.nu
Tue Mar 23 14:28:52 CET 2004
At 05:01 2004-03-22, you wrote:
>Len Sassaman wrote:
>
>One of the given reasons for incorporation of rDSA
>and ECDSA into the new DSS is the key length restriction of DSA. If DSA
>falls into disuse, then without rDSA or ECDSA, there will be no
>signature standard in OpenPGP at all.
>
The current DSA will in a few years time be depreciated because of too
short signing keys. What's the reason not to include rDSA i OpenPGP? I
think it's important to have a modern signature standard in OpenPGP.
Products bases on OpenPGP cannot be marketed to e.g. US government if
standard algos are missing.
I don't know the reasons why the new DSS doesn't include the "old" RSA
signature algo (used in OpenPGP), but rather the new rDSA. The difference
seems to be that the new rDSA is using an other hash, MDC-2 (patented).
What's the advantage?
If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
longer hash would be needed to make any use of longer signing keys. With
the "old" RSA signature algo a much longer hash can be used e.g. the
forthcoming SHA-256.
Per Tunedal
More information about the Gnupg-users
mailing list