-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:09 PM 99/04/14 +0200, you wrote:
hal(_at_)rain(_dot_)org writes:
At the same time, we are considering requiring that
newly generated keys of the other types, ElGamal
and RSA, also be multiple of 64 bits (note
I can agree on a multiple of 8 bits but I don't the
an advantage to use any other value.
Why?
For a given maximum key size, this restriction cuts
the available key space in half, approximately. What
effect does it have on the difficulty of an attack?
to do the RSA calculations. As it turned out, CAPI
had a bug which prevented it from working properly
with unusual key sizes. Those users weren't able
to use their keys with the CAPI version.
Working around bugs in one companies new product is a
Bad Thing to do.
Discovered errors are an indicator that additional,
latent errors are likely to exist. The fringe cases
are often the ones which encounter the errors. If we
do not permit "odd" key sizes, or other inconvenient
usage, then we may allow sloppy practices which
ultimately might jeopardize the security of the user.
There are many other issues we could fix for them by
changing the standards ;-).
Adding workarounds for some products which are around
for a long time is a different thing.
Yes. A warning to the user, or a documented
configuration option, is a much better solution.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQA/AwUBNxdE1d3xSrdLzmIWEQIC/QCglPlmDWGK1lFvKHgv9I+0e8TvXkwAniSS
zfdv4rzgNA1/tourvMQ5l0BO
=g6pw
-----END PGP SIGNATURE-----