DSA and ECC (was: Looking for Elgamal sign+encrypt key information)

Per Tunedal Casual pt at radvis.nu
Wed Mar 24 23:12:55 CET 2004

Hash: SHA1

At 02:01 2004-03-24, you wrote:
 >On Tue, Mar 23, 2004 at 02:28:52PM +0100, Per Tunedal Casual wrote:
 >> At 05:01 2004-03-22, you wrote:
 >> I don't know the reasons why the new DSS doesn't include the "old" RSA
 >> signature algo (used in OpenPGP), but rather the new rDSA. The difference
 >> seems to be that the new rDSA is using an other hash, MDC-2 (patented).
 >> What's the advantage?
 >> If MDC-2 is applied with DES as block cipher the hash is only 2x64=128
 >> bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a
 >> longer hash would be needed to make any use of longer signing keys. With
 >> the "old" RSA signature algo a much longer hash can be used e.g. the
 >> forthcoming SHA-256.
- -- snipp --

 >Seriously, though, there is no reason why rDSA can't someday be added
 >to OpenPGP.  OpenPGP is very extensible and we're not even close to
 >running out of algorithm numbers.  That said, there is no particular
 >reason I've seen to add it *now*.  We should never add algorithms just
 >because they are available.
I wanted to hear if anyone new why the new rDSA was developed. What's the
advantage over the "old" RSA algorithm? Especially the "new" hash algoritm
MDC-2 puzzles me. (I haven't read ANSI X-9.31 and neither have I found any
documents about the design process of the standard.)
Per Tunedal

Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94


More information about the Gnupg-users mailing list