ietf-openpgp
[Top] [All Lists]

Re: Comments on draft - Long.

1997-12-04 06:32:40
-----BEGIN PGP SIGNED MESSAGE-----

In <88118582801112(_at_)cs26(_dot_)cs(_dot_)auckland(_dot_)ac(_dot_)nz>, on 
12/04/97 
   at 10:50 AM, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz (Peter 
Gutmann) said:

DSS/DSA is only specified for key lengths between 512 and 1024, but OpenPGP 
should be free to do longer keys, even though the standard doesn't actually 
support them.

There's no point in moving to p > 1K bits if q is only 160 bits because
it'll  be vulnerable to a small-exponent attack.  Since q is governed by
the hash  function associated with DSA, you then need to define a new
hash function with  a larger output block size, and suddenly things get
very messy.  At the moment  I don't think it's sensible to use keys > 1K
bits, all it'll do is lead to  confusion about the amount of security
offered.


I am not that well versed on DSA but what is involved in increasing p if a
corresponding q can be supplied? 

Will a p of 2048 work with a corresponding q of 320?

Does q need to be the entire Hash or can it be only part of it? Say you
have a p of 512 and a 160 hash does one use only 80 bits of the 160 hash
and discard the rest?

The lines I am thinking along are as follows:

You desire a key of size p which requires a certain q. You have a hash
which is a fraction of q. Rather than generating 1 hash of the message you
evenly divide the message into parts and create a hash for each part then
concatenate the hashes to provide the required q for the size p key you
wish to work with.

If there is a gaping flaw in the logic here please be gentle with the
flames as I have been up all night working. :)


- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                 
       
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNIawqI9Co1n+aLhhAQJvIwQAj44OLr4Zt8wuZ50GC/ihPUP6nYPcL9Qz
FRjSsCzfhyUGrx40ha5HErAmCWF6s0CC4kP1WG0fr1CdD8kGuvtutff97QemAxS2
mRvjmAoFWqY4QCftNqLM6RJFB9BCT4BcMeDM6LvoU5zhX9KB8rdDEifgaE88opCV
aNanX9+MFfU=
=Ro5G
-----END PGP SIGNATURE-----


<Prev in Thread] Current Thread [Next in Thread>