Questions about generating keys (hash firewalls)
dougb at dougbarton.us
Sun Aug 26 07:58:22 CEST 2007
On Fri, 24 Aug 2007, David Shaw wrote:
> On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
>> Do hash firewalls have any drawbacks (performance decrease, difficult to
>> implement, patent issues etc.)? What's the reason DSA doesn't have one?
> I suspect a major reason is the main use of DSA is really DSS - and
> DSS was never intended to be used with any hash other than SHA-1.
> It gets a little stickier with DSA2/DSS2 where there are several
> possible hashes. For example, a 1024/160 DSA key can use SHA1, but
> also SHA224, SHA256, SHA384, or SHA512, by truncating them to 160
I've followed this thread with interest, since my only signing key is a
1024 DSA key, and I'm considering options for what my "next" key should
It almost sounds from what you're saying above that there actually is an
argument for RSA's hash firewall being "better" than DSA here, but if I
correctly understood what you said later in the thread, the margin by
which it's "better" is so small as to not be worth considering. Is that
more or less correct?
The other question I had is about what you said above regarding truncating
hashes with DSA2. Am I understanding correctly that even with DSA2 the
hash size can be no larger than 160 bits?
Doug (who hopes these questions aren't too dopey)
If you're never wrong, you're not trying hard enough
More information about the Gnupg-users