DSA key sizes

Robert J. Hansen rjh at sixdemonbag.org
Mon Nov 10 17:01:12 CET 2014

> No, four. Section 4.2 of FIPS-186-3:

Yeah, I was misled by the reference to 186-3 and misread it as "the 
family of 186 documents."

(For those of you who don't follow government specs as a hobby: FIPS 
186, first released in 1994, has been revised several times over the 
years.  We're now up to the fifth revision, FIPS 186-4, which was 
published in July of 2013.)

> Remember that the FIPS-186 documents cover DSS, not DSA.  There was a
> < 1024-bit DSS, but it didn't make it into FIPS-186-3.

I don't have a copy of FIPS 186-3, but my copy of 186-4 has a chapter 4 
titled "The Digital Signature Algorithm."  The document *itself* is 
called the Digital Signature Standard, but there's nothing in the text 
that says "this particular algorithm with these particular parameters 
represents DSS".

(This is a break of sorts from FIPS 186, where "DSS" was used in the 
text a couple of times in an algorithmic context.  I don't know when the 
language shift happened, but clearly somewhere between 186 and 186-4.)

> It's also not the case that GnuPG never supported 512-bit DSA.

Huh: interesting.

