RSA Versus DSA and EL GAMAL

Aaron Toponce aaron.toponce at gmail.com
Mon Mar 14 13:20:39 CET 2011


On 03/13/2011 09:21 PM, Jonathan Ely wrote:
> I apologise in advance if this is a stupid question to ask now or if
> people already asked it before I stepped on the scene, but which
> algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has
> undergone a ridiculous amount of scrutiny and is immensely popular. I
> also know it generates longer keys.

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Fortunately, GnuPG ships with good PRNG support, so the value for k can
be guaranteed to be "random enough" to hold the security of DSA in
place. However, DSA is fragile enough that if for any reason, your PRNG
doesn't generate a good k, the private key can be generated.

RSA, afaict, doesn't suffer from this.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110314/894f3d24/attachment.pgp>


More information about the Gnupg-users mailing list