RSA or DSA? That's the question

Robert J. Hansen rjh at sixdemonbag.org
Fri Sep 7 20:29:25 CEST 2007


Noiano wrote:
> First of all thanks for your answers, I have now clearer ideas :-).
> For what concerns SHA-1 I read that, thanks to the collisions, an
> attacker can modify the message but the signature verification will
> be ok.

That's not possible today.  Today, it would be extraordinarily difficult
to forge the message.  However, that's no guarantee it will be
extraordinarily difficult in six months or a year.

It is best to migrate away from SHA-1 right now.

> By the way I am thinking of creating an RSA key pair (with RSA subkey)
> as I am willing to buy a smart card kit. However you told the very
> standard algorithm is DSA/Elgamal so what should I do? Create two
> key pairs? An RSA one and a DSA/Elgamal one?

Don't buy a smart card unless you need a smart card.  Most smart cards
limit themselves to RSA-1024.  Distributed key cracking plus the
constant forward march of mathematical progress means it's possible
RSA-1024 will fall in the next five years.

If you need a smart card, by all means, get one.  If you don't, you're
probably better off without one, because it gives you more possibilities.

Insofar as what I think you should do, my advice is unchanged.  Stick
with the defaults.  I genuinely do not understand why people spend hours
upon hours laboriously deciding whether to use a DSA or an RSA key.
Drop "enable-dsa2" in your gpg.conf, set your personal hash preferences
to use SHA256, and create a default key.

> One more thing: the key expiry. Do you think that setting the expiry
> date after a year or two is a good choice? Or is it better not to set an
> expiry date and revoke the key when necessary?

For most personal/home users, expiration is not necessary.
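
The following is an added example, not part of the original message: a small Python check that a gpg.conf carries the two settings recommended above (`enable-dsa2` and SHA256 as the personal digest preference). The function names and the sample configurations are constructed for illustration, and it assumes digest names are spelled out and that the last occurrence of an option is the one in effect.

```python
# Added example: audit gpg.conf text for the settings recommended in the message.
# Assumptions: one option per line, optional leading dashes, a line whose first
# non-blank character is '#' is a comment, digest names are spelled out.

def parse_gpg_conf(text):
    """Return {option_name: [argument strings]} for every active line."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out option: not in effect
        parts = line.split(None, 1)
        name = parts[0].lstrip("-").lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(name, []).append(value)
    return options

def audit(text):
    """Return a list of findings; an empty list means both settings are present."""
    options = parse_gpg_conf(text)
    findings = []
    if "enable-dsa2" not in options:
        findings.append("enable-dsa2 is not set")
    prefs = options.get("personal-digest-preferences")
    if not prefs:
        findings.append("personal-digest-preferences is not set")
    else:
        # Assumption: the last occurrence of the option is the effective one.
        algos = [a.upper() for a in prefs[-1].split()]
        if not algos or algos[0] != "SHA256":
            findings.append("SHA256 is not the first digest preference: "
                            + " ".join(algos))
    return findings

# Constructed sample: option commented out, SHA1 preferred ahead of SHA256.
BEFORE = """\
# constructed sample gpg.conf
#enable-dsa2
personal-digest-preferences SHA1 SHA256
"""

# Constructed sample following the advice in the message.
AFTER = """\
enable-dsa2
personal-digest-preferences SHA256
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf) or "ok")
```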



