Travis H. wrote:
I'd like to make a long-term key for signing communication keys using GPG and I'm wondering what the current recommendation is for such. I remember a problem with Elgamal signing keys and I'm under the impression that the 1024 bit strength provided by p in the DSA is not sufficiently strong when compared to my encryption keys, which are typically at least 4096-bit D/H, which I typically use for a year.
1. Signing keys face a different set of non-crypto threats than to encryption keys. In practice, the attack envelope is much smaller, less likely. Unless you have particular circumstances, it's not as important to have massive strength in signing keys as it is in encryption keys. 2. DSA has a problem, it relies on a 160 bit hash, which is for most purposes the SHA-1 hash. Upgrading the crypto to cope with current hash circumstances is not worthwhile; we currently are waiting on NIST to lead review in hashes so as to craft a new generation. Only after that is it possible to start on a new "DSA". So any replacement / fix for DSA is years away, IMO. The OpenPGP group has wrestled with this and more or less decided to defer it. 3. The RSA patent expired, which means that RSA no longer has everyone over a barrel. For various reasons, many projects are drifting back to RSA for signing and for encryption.
Does anyone have any suggestions on how to do this, or suggestions to the effect that I should be doing something else?
If you want something stronger, then I'd suggest you just use a big RSA key for signing. iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]