RSA or DSA? That's the question

Oskar L. oskar at
Thu Sep 6 22:52:49 CEST 2007

Noiano wrote:
> to choose and why. Is it one more secure than the other? I don't think
> so but I think there are some difference that make one algorithm
> suitable for some uses than the other.

There was a lengthy discussion on this list about the differences between
RSA and DSA a few weeks ago. I suggest you read it, it contains a lot of
information. The list's archives are located at:

One thing I forgot to mention in that discussion, is that since DSA is the
default, there are probably many more DSA keys in use currently than RSA
keys. (If anyone has any statistics that would be interesting to see.)
Therefore, if a government were to invest serious time and effort in
breaking public key crypto, they would probably attack DSA, not RSA, in
order to get the most for their money. I'm not saying either one is weak
and could not stand such an attack, but if there's less pressure on RSA,
then I would consider that to be a benefit.

I would recommend to never automatically use the defaults. Thoroughly
research the differences between all the options, and then decide what is
best for you. The defaults are not always the most secure. For example,
Rijndael was not chosen to become the AES because it offered the best
security, but because it was easy to implement in hardware, fast, and
secure enough.


More information about the Gnupg-users mailing list