Bob Mearns wrote:
>> I'm looking to generate a short digital signature, perhaps 192 >> bits or so, using an asymmetrical algorithm. DSA seems to >> have 320 bit signatures regardless of the key size used. Is >> this really the case, or am I missing something? Ignoring for >> the moment the wisdom of using signatures this short, is there >> a way I can accomplish my goal of ~192 bit signatures?
I just thought that it should be noted, the reason the DSA signatures are locked at 320 bits regardless of the key used is because the DSA standard uses the SHA-1 hash function to first compute the hash of the message. SHA-1 produces a fixed size hash of 160 bits. Because the hash size is fixed, the DSA specifies that a 160 bit prime be chosen at random during the key generation. During the signing process, two values are computed, r and s, each of these is calculated in an equation that is mod q. Therefore r and s can never exceed more than 160 bits, regardless of the size of key used. Since r and s comprise the signature, these two 160-bit values combine to form a signature that is 320 bits in length. For more information on the algorithm and how it works, please see: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
A new standard is currently under development (Do a search on: FIPS 186-3) which specifies the use of longer length hashes, including SHA-224, SHA-256, SHA-384, and SHA-512 as a hash function, therefore q would be of size 224, 256, 384, and 512 bits respectively. The signature sizes would be double the size of q for each case.
To have a signature length of 192 bits would require q be 192/2 or 96 bits long. This is considerably smaller than the length of even MD5 hashes, and therefore would not provide a great deal of security.
Jason ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
