Pete Chown <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
>
> > SHA-1 is only 2^80 strong against birthday attack. If you
> > go around using SHA-1 or worse yet MD5 to sign stuff then
> > using a private key of size > 1024 is only of limited value.
>
> If you want to forge a signature, you
Eric Rescorla wrote:
> SHA-1 is only 2^80 strong against birthday attack. If you
> go around using SHA-1 or worse yet MD5 to sign stuff then
> using a private key of size > 1024 is only of limited value.
If you want to forge a signature, you will probably not be able to use
the birthday attack.
-Original Message-
>You can certainly use |p| < 1024 but it's correspondingly weaker.
>I would say that 768 is the lower limit for even fairly casual
>use.
Sounds like it's OK to use for now, but I'll probably switch to RSA when the
patent expires in september. RSA key sizes aren't lim
Eric Rescorla wrote:
>
> Technically, they're both correct.
This posting is sent to the list several times.
Can someone stop this please?
Ciao, Michael.
__
OpenSSL Project http://www.openssl.org
"Cico, Michael" <[EMAIL PROTECTED]> writes:
> What is the recommended minimum key size for DSA? Currently I'm using 1024
> bits, but what other (smaller) sizes are considered secure? I'm just
> wondering what can be used if 1024 bit proves too much of a performance
> liability.
>
> The RSA we
