RSA or DSA? That's the question
Robert J. Hansen
rjh at sixdemonbag.org
Fri Sep 7 20:29:25 CEST 2007
> First off all thanks for your answers, I have now clearer ideas :-).
> For what concerns SHA-1 I read that, thanks to the collisions, an
> attacker can modify the message but the signature verification well
> be ok.
That's not possible today. Today, it would be extraordinarily difficult
to forge the message. However, that's no guarantee it will be
extraordinarily difficult in six months or a year.
It is best to migrate away from SHA-1 right now.
> By the way I am thinking on creating a rsa key pair (with rsa subkey)
> as I am willing to buy a smart card kit. However you told the very
> standard algorithm is DSA/Elgamail so what should I do? Create two
> key pair? A rsa one and a dsa/elgamail one?
Don't buy a smart card unless you need a smart card. Most smart cards
limit themselves to RSA-1024. Distributed key cracking plus the
constant forward march of mathematical progress means it's possible
RSA-1024 will fall in the next five years.
If you need a smart card, by all means, get one. If you don't, you're
probably better off without one, because it gives you more possibilities.
Insofar as what I think you should do, my advice is unchanged. Stick
with the defaults. I genuinely do not understand why people spend hours
upon hours laboriously deciding whether to use a DSA or an RSA key.
Drop "enable-dsa2" in your gpg.conf, set your personal hash preferences
to use SHA256, and create a default key.
> One more thing: the key expiry. Do you think that setting the expiry
> date after a year or two is a good choice? Or is better not to set a
> expiry date and revoke the key when necessary?
For most personal/home users, expiration is not necessary.
More information about the Gnupg-users