On Nov 10, 2014, at 7:00 AM, Nicholas Cole <nicholas.c...@gmail.com> wrote:

> Just out of curiosity: DSA key sizes are now rounded to one of 3
> values, whereas RSA keys are available in a range of sizes between two
> limits.  Why the difference?

FIPS-186-3, the document that specifies DSS (aka DSA with some additional 
restrictions as to algorithm, key length, etc) specifies 4 key sizes:

  1024-bit key, 160-bit hash
  2048-bit key, 224-bit hash
  2048-bit key, 256-bit hash
  3072-bit key, 256-bit hash

To be closer to FIPS, GnuPG rounds up to the next 1024-bit boundary when making 
DSA keys.  The hash rules are: keys 2048 bits and over use a 256-bit hash, keys 
over 1024 bits use a 224-bit hash, and 1024 and under use a 160-bit hash 
(classic DSA).  GnuPG skips the 2048/224 option in favor of 2048/256.

In --expert mode you can select whatever key size you like without rounding, 
but the same hash size rules still apply.

David
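The rounding and hash-size rules described in the reply above, as an added Python example (not GnuPG's own code) that also checks whether the resulting pair is one of the four FIPS 186-3 sizes listed in the message. It assumes the 1024-bit round-up continues in the same steps above 3072 bits, which the message does not address.

```python
"""DSA key-size rounding and hash-size selection as described in the message."""
from typing import Tuple

# FIPS 186-3 (L, N) pairs quoted in the message: L = key bits, N = hash bits.
FIPS_186_3_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}


def dsa_hash_bits(key_bits: int) -> int:
    """Hash size GnuPG pairs with a DSA key of the given size (rule from the message)."""
    if key_bits >= 2048:
        return 256       # 2048 and over: 256-bit hash (2048/224 is skipped)
    if key_bits > 1024:
        return 224       # strictly between 1024 and 2048: 224-bit hash
    return 160           # 1024 and under: classic DSA, 160-bit hash


def gnupg_dsa_params(requested_bits: int, expert: bool = False) -> Tuple[int, int]:
    """Return (key_bits, hash_bits) for a requested DSA key size.

    Non-expert mode rounds the key size up to the next 1024-bit boundary
    (assumed here to apply above 3072 as well); --expert mode keeps the
    requested size unchanged. The hash rule applies in both modes.
    """
    if requested_bits <= 0:
        raise ValueError("key size must be positive")
    key_bits = requested_bits
    if not expert:
        key_bits = -(-requested_bits // 1024) * 1024  # ceiling to a 1024 multiple
    return key_bits, dsa_hash_bits(key_bits)


def is_fips_186_3_pair(key_bits: int, hash_bits: int) -> bool:
    """True if the (L, N) pair is one of the four sizes FIPS 186-3 lists."""
    return (key_bits, hash_bits) in FIPS_186_3_PAIRS


if __name__ == "__main__":
    for req, expert in [(1024, False), (1536, False), (1536, True), (2048, False), (2049, False)]:
        l_bits, n_bits = gnupg_dsa_params(req, expert)
        print(f"requested {req:5d} expert={expert!s:5} -> DSA {l_bits}/{n_bits} "
              f"FIPS-listed: {is_fips_186_3_pair(l_bits, n_bits)}")
```

An --expert request such as 1536 bits yields 1536/224, which is not one of the FIPS 186-3 pairs; the default rounding turns the same request into 2048/256.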


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users