DSA and ECC (was: Looking for Elgamal sign+encrypt key
Per Tunedal Casual
pt at radvis.nu
Wed Mar 24 23:12:55 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
At 02:01 2004-03-24, you wrote:
>On Tue, Mar 23, 2004 at 02:28:52PM +0100, Per Tunedal Casual wrote:
>> At 05:01 2004-03-22, you wrote:
>> I don't know the reasons why the new DSS doesn't include the "old" RSA
>> signature algo (used in OpenPGP), but rather the new rDSA. The difference
>> seems to be that the new rDSA is using an other hash, MDC-2 (patented).
>> What's the advantage?
>> If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
>> bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
>> longer hash would be needed to make any use of longer signing keys. With
>> the "old" RSA signature algo a much longer hash can be used e.g. the
>> forthcoming SHA-256.
- -- snipp --
>Seriously, though, there is no reason why rDSA can't someday be added
>to OpenPGP. OpenPGP is very extensible and we're not even close to
>running out of algorithm numbers. That said, there is no particular
>reason I've seen to add it *now*. We should never add algorithms just
>because they are available.
I wanted to hear if anyone new why the new rDSA was developed. What's the
advantage over the "old" RSA algorithm? Especially the "new" hash algoritm
MDC-2 puzzles me. (I haven't read ANSI X-9.31 and neither have I found any
documents about the design process of the standard.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94
-----END PGP SIGNATURE-----
More information about the Gnupg-users