Nicholas Cole wrote:

> I am right that this is not a new algorithm as such,

The problem with describing anything as a 'new algorithm' is, where do you draw the line for new? Changing just one line in a specification could be enough to categorize something as 'new', if you wanted to define it that way.

It's more apt to say that DSA2 is very closely related to the original DSA. DSA2 is a logical outgrowth of the older DSA specification.

> it is just the old one with longer key sizes?

And better hash algorithms.

> And that the only reason it has been restricted to 1024 in the past
> is a US standard?

DSA is part of a United States FIPS (Federal Information Processing Standard). In this FIPS a scheme called DSS, the Digital Signature Standard, is defined. DSS specifies that DSA with SHA-1 will be used for all signatures.

> Or was there any fear that a larger key size with that algorithm
> would not provide security?

At the time DSA was designed, 1024 bits of the Discrete Logarithm Problem was widely considered to be enough for all practical purposes. It isn't considered to be so any longer and various attacks are being discovered against SHA-1 (which DSS requires to be used with DSA), so a revised FIPS was put out addressing these two concerns.

> Is the new upper limit of 3072 bits picked for any particular reason?

Because this is the new upper limit in the FIPS. If you're asking why the FIPS chose 3072-bit keys as the upper limit, I suspect their reasoning is that attacking 3072-bit DLP is a pipe dream now and for the foreseeable future.

For whatever it's worth, some critics of OpenPGP point to the lack of a hash function firewall in DSA and DSA2 keys as a big unresolved security issue. These critics are of the opinion the RSA signature specification is better-defined.

While I haven't looked at the spec enough to see if DSA2 still lacks a hash function firewall, the criticism should probably be brought up and considered, especially if you're thinking of migrating your key to a different signature algorithm.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
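
The "hash function firewall" point in the message above, as an added example that is not part of the original post: at the level of the raw primitives, an RSA PKCS #1 v1.5 signature covers a block that names the hash algorithm, while the value DSA signs is only the (possibly truncated) digest. Function names are hypothetical, the sample message is constructed, and OpenPGP packet framing is not modelled.

```python
import hashlib

# DER DigestInfo prefixes for PKCS #1 v1.5 signatures (values from RFC 4880).
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "ripemd160": bytes.fromhex("3021300906052b2403020105000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def dsa_input(digest: bytes, n_bits: int) -> int:
    """Integer a DSA signature covers: the leftmost min(N, outlen) digest bits.

    No hash identifier is mixed in, so the value alone cannot tell a
    verifier which hash algorithm produced the digest.
    """
    z = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - n_bits
    return z >> excess if excess > 0 else z


def rsa_input(digest: bytes, hash_name: str, modulus_bytes: int) -> bytes:
    """Block an RSA PKCS #1 v1.5 signature covers: 00 01 FF..FF 00 DigestInfo."""
    t = DIGESTINFO_PREFIX[hash_name] + digest
    pad_len = modulus_bytes - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too small for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def rsa_declared_hash(block: bytes) -> str:
    """Return the hash name the RSA block commits to (the firewall check)."""
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x01" or sep < 10 or set(block[2:sep]) != {0xFF}:
        raise ValueError("malformed padding")
    t = block[sep + 1:]
    for name, prefix in DIGESTINFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + prefix[-1]:
            return name
    raise ValueError("unknown DigestInfo")


if __name__ == "__main__":
    msg = b"constructed sample message"
    d = hashlib.sha1(msg).digest()
    # Same 20 digest bytes under two labels: the RSA blocks differ, the DSA input cannot.
    print(rsa_declared_hash(rsa_input(d, "sha1", 256)),
          rsa_declared_hash(rsa_input(d, "ripemd160", 256)))
    print(hex(dsa_input(d, 160)))
    # DSA2 with a 256-bit q (3072-bit key): SHA-512 output is cut to 256 bits.
    print(dsa_input(hashlib.sha512(msg).digest(), 256).bit_length() <= 256)
```

Production RSA verifiers normally rebuild the expected block and compare it byte for byte; the parser here exists only to show what the signed block commits to.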