Konrad Rosenbaum wrote:
On Monday 30 May 2005 16:36, Ben Laurie wrote:
However, I'm still left with a question, since 2437 only specifies RSA
signatures. What lengths should be used with DSA and Elgamal?
That's trivial: with DSA there is no such thing as an encoding length, since
the Hash is used directly and has to be of the correct length (with 1024
bit DSA you SHOULD use SHA-1, which is 160 bit wide, which (ohh wonder!)
matches the requirement of DSA).
Elgamal is also trivial: don't use it for signatures. It's insecure. (Or
rather: it is so hard to make it secure that it is not worth it.)
As I have previously stated, my keyring contains Elgamal signatures. I'm
sure I'm not alone in this. I want to be able to check them. I think its
fine to deprecate them, but refusing to describe them is just annoying.
Cheers,
Ben.