RSA signing keys

Werner Koch wk at
Fri Feb 18 16:18:44 CET 2005

On Fri, 18 Feb 2005 15:06:22 +0100, Gregor Zattler said:

> Do you advise to use RSA signing keys with gnupg 1.4.1?  Will the
> default key type change?

No.  DSS is the default signing algorithm and a MUST for all OpenPGP
applications; thus it is suggested to do that.  Not all OpenPGP
applications are able to handle RSA signed messages.  

And now please repeat all:

  The security of a system is limited by its weakest link!

Does anyone really believe that a collision attack (i.e. a method to
produce 2 different texts with the same hash value) is a danger?

I am 100% sure that there are more severe bugs in GnuPG or other
software used during the build and its use that are far easier to
exploit than a 2^69 workload with incredible amounts of required
storage.  Let alone rubber hose attacks and blackmailing.



