Other hashes with DSA keys

John Clizbe JPClizbe at comcast.net
Mon Mar 14 12:02:21 CET 2005


Johan Wevers wrote:
> Hello,
> 
> Now that PGP 9 beta seems to have extended the standard to allow non-160-bit
> hashes to be used with DSA keys, isn't it time for GnuPG to do the same,
> especially after the recent attacks on SHA-1? I know it's against the
> standard, but the expansion of the standard is pretty straightforward and
> not due to interpretation problems. After all, the official standard is
> often a reflection of the behaviour of specific programs anyway.
> 
> And while this is being processed, Tiger might be re-included too, since the
> arguments against its 192-bit size are then no longer relevant.

I don't know that "extended the standard" is the language I'd use. More to
the point would be "second-guessed the IETF OpenPGP WG". Did they even
meet at last week's IETF meeting? The current draft, rfc2440bis-12,
expires in May of this year.
(http://tools.ietf.org/wg/openpgp/draft-ietf-openpgp-rfc2440bis/draft-ietf-openpgp-rfc2440bis-12.txt)

Granted Jon Callas of PGP Corp. is a member of the OpenPGP WG, but I think
PGP Corp. is just trying to predict what will happen in the near term with
DSS/DSA and be ready to market the new solution.

DSS and DSA are NIST standards (FIPS-180 and FIPS-186) and 'official'
changes to them will come from NIST after the usual solicitation and
comment periods. (Much like the selection of AES to replace DES.)

Yes, some of the likely successors to SHA-1 are already implemented in
GnuPG 1.4, but I wouldn't try to second-guess NIST (too much of that went
on with AES). Perhaps SHA-256|384|512 and even Tiger will be elevated to
'interim solutions' while DSA-2 is being formulated.

My view is that it doesn't make sense /right now/ to break DSS/DSA by ad
hoc extensions. The new hashes are already in GnuPG 1.4, they can be fully
enabled once the new standard is in place. Changing now is premature.

Until then, if one is *REALLY* paranoid, maybe he/she should consider
using 2048 bit RSA keys. 8-})

--
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
