RSA 1024 ridiculous

Remco Post r.post at sara.nl
Sun Jun 17 21:42:01 CEST 2007


Andrew Berg wrote:
> Robert Hübener wrote:

>> The work for the RSA-part of the algorithm is always the same: It
>> only has to process either the hash of the message/file or the key
>> for the symmetric cipher.
> I don't completely understand. Does this mean that
> encryption/signature time is only dependent on the hash, and that RSA
> key size doesn't matter in this regard?
> 

There is a hash calculated over the message; the longer the message, the
longer it takes to calculate the hash (given a particular hash algorithm).

Then the hash is encrypted using your secret key (in RSA); the longer
your key, the longer this step takes (again given a particular hash alg.).

So, a longer key has relatively little impact on the total time, esp.
when signing long messages. (And yes, we do this because public/private
key crypto is quite CPU intensive.)

Also, because of this, there is a session key generated for each
message, and that key is encrypted using the recipient's public key when
encrypting a message. So in order to achieve good message security, you
need both a strong RSA key and a strong session key.

-- 
Kind regards,

Remco Post

SARA - Reken- en Netwerkdiensten                      http://www.sara.nl
High Performance Computing  Tel. +31 20 592 3000    Fax. +31 20 668 3167
PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16  B3F6 048A 02BF DC93 94EC

"I really didn't foresee the Internet. But then, neither did the
computer industry. Not that that tells us very much of course - the
computer industry didn't even foresee that the century was going to
end." -- Douglas Adams
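
Added example, not part of the original message and not GnuPG code: a Python timing sketch of the two signing steps described above, showing that the hash cost follows message length while the public-key step always works on a fixed-size digest and follows key size. Assumptions: SHA-256 as the hash, and a random odd modulus with a random full-size exponent standing in for a real RSA private key (comparable cost, not a valid signature, no padding); the function names are hypothetical.

```python
import hashlib
import secrets
import time


def hash_step(message: bytes):
    """Hash the whole message; this cost grows with message length."""
    start = time.perf_counter()
    digest = hashlib.sha256(message).digest()
    return digest, time.perf_counter() - start


def private_op_stand_in(digest: bytes, key_bits: int, rounds: int = 3) -> float:
    """Time one modular exponentiation of the digest under a key_bits modulus.

    Assumption: a random odd modulus and exponent replace a real RSA key.
    The work is comparable, but the result is not a usable signature.
    """
    n = secrets.randbits(key_bits) | (1 << (key_bits - 1)) | 1  # full size, odd
    d = secrets.randbits(key_bits) | (1 << (key_bits - 1))      # full-size exponent
    m = int.from_bytes(digest, "big")  # always 256 bits, whatever the message was
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        pow(m, d, n)
        best = min(best, time.perf_counter() - start)
    return best


def measure(message_len: int, key_bits: int) -> dict:
    """Run both steps on a constructed all-zero message of message_len bytes."""
    digest, t_hash = hash_step(bytes(message_len))
    t_pk = private_op_stand_in(digest, key_bits)
    return {"digest_len": len(digest), "hash_s": t_hash, "pk_s": t_pk}


if __name__ == "__main__":
    for size in (1_000, 50_000_000):
        for bits in (1024, 4096):
            r = measure(size, bits)
            print(f"{size:>11} bytes, {bits}-bit key: "
                  f"hash {r['hash_s'] * 1000:8.2f} ms, "
                  f"public-key step {r['pk_s'] * 1000:8.2f} ms")
```

The same reasoning covers encryption: the public-key step there processes only the session key, so its cost is likewise independent of message length.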



More information about the Gnupg-users mailing list