RSA or DSA? That's the question

Ryan Malayter malayter at
Fri Sep 7 15:15:13 CEST 2007

On 9/6/07, Oskar L. <oskar at> wrote:

> One thing I forgot to mention in that discussion is that since DSA is the
> default, there are probably many more DSA keys in use currently than RSA
> keys. (If anyone has any statistics that would be interesting to see.)
> Therefore, if a government were to invest serious time and effort in
> breaking public key crypto, they would probably attack DSA, not RSA, in
> order to get the most for their money. I'm not saying either one is weak
> and could not stand such an attack, but if there's less pressure on RSA,
> then I would consider that to be a benefit.

I disagree. DSA is more popular - perhaps - for the narrow use case of
OpenPGP keys. But RSA is the *far* more popular public-key algorithm,
used in everything from SSL/TLS to secure military communications
devices.  A general technique which allows RSA to be broken is far
more valuable than a general break in DSA or ElGamal.

If you were a government spending money to crack crypto, wouldn't you
like to be able to impersonate and read the traffic from every
"secure" website on the planet? Oh, and read the mail of foreign
militaries and diplomats as a bonus?

Or would you want to read Werner Koch's mail and that of a few other
crypto enthusiasts? Despite its standardization and patent-free
nature, DSA isn't really that popular in my experience.

More information about the Gnupg-users mailing list