Ian G wrote:
Ben Laurie wrote:
Ian G wrote:
Hal Finney wrote:
The new DSS keys will, according to what I have heard, be for two sizes:
2048 and 3072 bits, and will use SHA-224 and SHA-256 respectively.
(SHA-224 is not presently an OpenPGP algorithm; it is basically a
truncated version of SHA-256 with a different internal initial value).
This will allow for larger keys and use a different hash than SHA-1.
(assuming we do it,) I would suggest we ditch the 2048/224
and just implement the 3072/256.
(We could add the other one as a MAY ... but I can't see
the point of it. Sure NIST may split hairs on it, but
let's save ourselves the doco and the discussion and
just do the better one.)
How about because generating 2048 bit primes already takes long
enough, and 3072 takes ages?
Numbers?
I was going to provide them, but accurate numbers for DSA are difficult,
because it requires modifying the core code in OpenSSL (or some other
DSA generator), and I couldn't be bothered.
One can get a feel for it with:
time openssl gendh <number of bits>
which takes a long time. Long enough that I didn't wait for it to finish
before hitting send.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
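To put the "takes ages" point in measurable terms, here is an added Python benchmark; it is my example, not code from anyone in this thread and not OpenSSL's DSA or DH generator. It generates random probable primes of a chosen size with Miller-Rabin, counts how many candidates were tried, and builds a simplified DSA-style (p, q) pair with q dividing p-1 (FIPS 186's exact candidate-selection procedure differs and is not reproduced here). All function names, the 40-round setting and the small-prime list are my own choices.

```python
import math
import secrets
import time

# Small primes for cheap trial division before Miller-Rabin (my choice of cutoff).
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probable-prime test with `rounds` random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 = 2^s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a witness of compositeness
    return True


def random_odd(bits):
    """Random odd integer with the top bit set, so it has exactly `bits` bits."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def generate_prime(bits):
    """Return (prime, number_of_candidates_tried) for a random `bits`-bit prime."""
    trials = 0
    while True:
        trials += 1
        candidate = random_odd(bits)
        if is_probable_prime(candidate):
            return candidate, trials


def generate_dsa_params(l_bits, n_bits):
    """Simplified DSA-style parameters: q is an n_bits prime, p an l_bits prime
    with q | p - 1. Returns (p, q, candidates_tried_for_p)."""
    q, _ = generate_prime(n_bits)
    trials = 0
    while True:
        trials += 1
        x = secrets.randbits(l_bits) | (1 << (l_bits - 1))
        # Force p = 1 (mod 2q): subtract x mod 2q and add 1, so p is odd and q | p-1.
        p = x - (x % (2 * q)) + 1
        if p.bit_length() != l_bits:              # the adjustment can drop a bit
            continue
        if is_probable_prime(p):
            return p, q, trials


def expected_trials(bits):
    """Expected odd candidates per prime near 2^bits: ln(2^bits) / 2 (prime
    number theorem). Trial division rejects composites early, so measured
    Miller-Rabin trials are lower, but the linear growth in `bits` remains."""
    return bits * math.log(2) / 2


def time_generation(bits):
    """Wall-clock seconds and candidates tried to generate one `bits`-bit prime."""
    start = time.perf_counter()
    _, trials = generate_prime(bits)
    return time.perf_counter() - start, trials


if __name__ == "__main__":
    for bits in (256, 512, 1024):
        secs, trials = time_generation(bits)
        print(f"{bits:5d} bits: {secs:7.3f} s, {trials:4d} candidates "
              f"(expected ~{expected_trials(bits):.0f} before trial division)")
    p, q, trials = generate_dsa_params(512, 160)
    print(f"DSA-style p ({p.bit_length()} bits) found after {trials} candidates, "
          f"q | p-1: {(p - 1) % q == 0}")
```

The point the benchmark makes visible is why 3072-bit parameters cost so much more than 2048-bit ones: the number of candidates per prime grows linearly in the bit length, and each modular exponentiation inside Miller-Rabin grows roughly cubically, so the work per prime scales close to the fourth power of the size. Pure Python is far slower than OpenSSL in absolute terms, so only the ratios between sizes are meaningful here; running the script at 256, 512 and 1024 bits shows the trend without waiting for a 3072-bit run.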