Re: Comments on draft

ietf-openpgp

Re: Comments on draft - Long.

1997-12-03 14:49:00

DSS/DSA is only specified for key lengths between 512 and 1024, but OpenPGP 
should be free to do longer keys, even though the standard doesn't actually 
support them.

 
There's no point in moving to p > 1K bits if q is only 160 bits because it'll 
be vulnerable to a small-exponent attack.  Since q is governed by the hash 
function associated with DSA, you then need to define a new hash function with 
a larger output block size, and suddenly things get very messy.  At the moment 
I don't think it's sensible to use keys > 1K bits, all it'll do is lead to 
confusion about the amount of security offered.
 
Peter.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Comments on draft - Long., (continued) Re: Comments on draft - Long., Hal Finney Speculative Mode for KeyIDs of all zeroes, Ian Grigg Re: Speculative Mode for KeyIDs of all zeroes, Black Unicorn Re: Speculative Mode for KeyIDs of all zeroes, Jonathan Wienke Re: Speculative Mode for KeyIDs of all zeroes, Black Unicorn Re: Speculative Mode for KeyIDs of all zeroes, William H. Geiger III Re: Speculative Mode for KeyIDs of all zeroes, stewarts Re: Speculative Mode for KeyIDs of all zeroes, Ian Grigg Re: Speculative Mode for KeyIDs of all zeroes, Bill Stewart Re: Comments on draft - Long., Lutz Donnerhacke Re: Comments on draft - Long., Peter Gutmann <= Re: Comments on draft - Long., Bill Stewart DSS lengths, Jon Callas Re: Comments on draft - Long., William H. Geiger III Re: Comments on draft - Long., Peter Gutmann Re: Comments on draft - Long., Peter Gutmann Re: Comments on draft - Long., Hal Finney

Previous by Date:	Re: OP and pgp5.0i: some problems, Maksim Otstavnov
Next by Date:	Re: Why do people fight about S/MIME vs. PGP rather than use MOSS?, Graham Klyne
Previous by Thread:	Re: Comments on draft - Long., Lutz Donnerhacke
Next by Thread:	Re: Comments on draft - Long., Bill Stewart
Indexes:	[Date] [Thread] [Top] [All Lists]