DSA key sizes
David Shaw
dshaw at jabberwocky.com
Mon Nov 10 16:04:50 CET 2014
On Nov 10, 2014, at 8:56 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> FIPS-186-3, the document that specifies DSS (aka DSA with some
>> additional restrictions as to algorithm, key length, etc) specifies 4
>> key sizes:
>
> Five, but nobody uses DSA-512 and I think it's been formally obsoleted.
> But yes, DSA-512 is a real thing, although GnuPG never supported it
> (for good reasons -- it was seen as marginal even when it first came out!).
No, four. Section 4.2 of FIPS-186-3:
This Standard specifies the following choices for the pair L and N (the bit lengths of p and q, respectively):
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
Remember that the FIPS-186 documents cover DSS, not DSA. There was a < 1024-bit DSS, but it didn't make it into FIPS-186-3.
It's also not the case that GnuPG never supported 512-bit DSA. You could generate a 512-bit DSA key until 1024 was made the minimum in late 2004. Even today, it's possible to generate a 512-bit DSA key in 1.4.x if you use --expert. (Not that you should.)
David
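As an added example (not code from this thread, from FIPS 186-3 or from GnuPG), the following Python checks DSA domain parameters (p, q) against the four (L, N) pairs in FIPS 186-3 section 4.2 and against the 1024-bit floor the thread says GnuPG adopted in late 2004. The parameter generator is a deliberately naive helper used only to construct realistic sample input offline; it is not the FIPS 186-3 Appendix A generation method, and the names FIPS_186_3_PAIRS, GNUPG_MIN_DSA_BITS, generate_dsa_params and classify_dsa_params are this example's own.

```python
"""Classify DSA domain parameters (p, q) against the FIPS 186-3 (L, N) pairs.

Added example, not code from the mailing-list thread or from GnuPG. The
generator below is a simple pure-Python routine used only to build sample
parameters; it is not the FIPS 186-3 Appendix A.1 procedure.
"""
import random

# The four (L, N) pairs from FIPS 186-3 section 4.2: L = bit length of p,
# N = bit length of q.
FIPS_186_3_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}

# Assumption taken from the thread: GnuPG made 1024 bits the minimum DSA
# size in late 2004 (smaller keys need --expert in 1.4.x).
GNUPG_MIN_DSA_BITS = 1024


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probable-prime test with trial division by small primes."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_dsa_params(L, N, seed=0):
    """Return (p, q) with p of exactly L bits, q of exactly N bits and q | p-1.

    Naive construction for sample data only: pick an N-bit prime q, then
    search for a prime p = k*q + 1 in the L-bit range. Seeded for
    reproducibility; not the FIPS 186-3 A.1 method.
    """
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(N) | (1 << (N - 1)) | 1  # force N bits, odd
        if is_probable_prime(q, rng):
            break
    lo, hi = 1 << (L - 1), 1 << L
    k_min = (lo - 1) // q + 1  # smallest k with k*q + 1 >= lo
    k_max = (hi - 2) // q      # largest k with k*q + 1 < hi
    while True:
        k = rng.randrange(k_min, k_max + 1)
        p = k * q + 1
        if p.bit_length() == L and is_probable_prime(p, rng):
            return p, q


def classify_dsa_params(p, q):
    """Report (L, N) and whether the pair is FIPS 186-3 approved and above
    the GnuPG default floor. Rejects (p, q) that are structurally not DSA."""
    if (p - 1) % q != 0:
        raise ValueError("q does not divide p-1: not DSA domain parameters")
    L, N = p.bit_length(), q.bit_length()
    return {
        "L": L,
        "N": N,
        "fips_186_3": (L, N) in FIPS_186_3_PAIRS,
        "gnupg_default_ok": L >= GNUPG_MIN_DSA_BITS,
    }


if __name__ == "__main__":
    # Sample input constructed here: a 512/160 pair (the size discussed in the
    # thread) and a 1024/160 pair (the smallest FIPS 186-3 pair).
    for L, N in ((512, 160), (1024, 160)):
        p, q = generate_dsa_params(L, N, seed=2014)
        print(classify_dsa_params(p, q))
```

The 512/160 pair is valid DSA in the structural sense (q divides p-1) but is neither in FIPS 186-3 nor above the GnuPG floor, which is exactly the distinction the thread draws between "DSS as specified" and "DSA GnuPG could once generate".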
More information about the Gnupg-users mailing list