Looking for Elgamal sign+encrypt key information

Newton Hammet newton at hammet.net
Mon Mar 15 06:06:52 CET 2004


Hello All,

My public key is an RSA key, with a 4096-bit key
for signature and a separate 4096-bit key for 
encryption.  Hopefully this compensates for DSA
or Elgamal being "slighty stronger" for a given
bit size.

The reason I like RSA is because I understand it
a little better than DSA or ELG, and also because
key size is really tunable to whatever size
you want.

Regards,
Newton






On Sun, 2004-03-14 at 19:47, Kurt Fitzner wrote:
> > There's a lot more to the security of a cryptosystem than simple
> bitsize.
> 
> Yes, there is a lot more to security than the bit size. I understand
> that DH/Elgamal keys offer very slightly more security per bit than RSA.
> My understanding is, though, that it is slight enough that for all
> intents and purposes they are generally considered equivalently strong.
> I hope this isn't taken as argumentative, but it seems that this
> statement (quoted above) is rather avoiding the issue.  If I am
> mistaken, and the security per bit in DSA signing keys is extrordinarily
> higher than I am giving it credit for then please, by all means, correct
> me.  For the moment, though, I have grave concerns over a signature
> mechanism who's current best strength is at the bare minimum that
> cryptographer's are suggesting.  According to some cryptographers[1],
> 1024 bits isn't even a good minimum today.  One point that
> cryptographers make over and over is that no one should wait until a
> keysize is provably too weak.
> 
> As I stated earlier, I don't want to replace my signature key every few
> years.  I don't want people to be making the determination on whether my
> signing key is mine or not based on whether it was signed by a
> previously trusted, but now expired old key.  
> 
> > Crypto software should not be about "choice". It should be about
> > security. Most users aren't qualified to assess the relative merits
> > of public key cryptosystems. When one such cryptosystem is known to
> > have serious weaknesses, it is the implementor's duty to remove it,
> > rather than to assume that the average user has the knowledge to
> > understand the implications of using that cryptosystem.
> 
> Of course cryptography software is about choice.  It's about people
> taking an active role to determine what is good for them.  The advice
> given in many tutorials, faqs, and papers[2] suggests that people keep
> track of the current state of the art in cryptography and make their
> symmetric, hash, and public key algorithm choices accordingly.
> 
> Crypto software must be secure, and it must also have the perception
> that it is secure.  Both of these ends can be served by incorporating
> choice into the software.  If the whole purpose of GnuPG is to have a
> few experts determine what's best for all us civilians, then why is
> there more than one of any type of algorhithm implemented in it at all?
> Why are so many algorhythms included in the OpenPGP standard?  I suggest
> that it is for the very reason so that people can make choices about
> what to use - so that they can choose what best serves their purposes.
> Thus, with respect, I must say that I believe the statement "Crypto
> software should not be about 'choice'" to be seriously flawed.
> 
> I think that choice - informed choice - is vital.  And so is having
> aught to choose from.
> 
> Regard,
> 
> 	Kurt Fitzner
> 
> 
> [1] Selecting Cryptographic Key Sizes (2001), Dr. Arjen K. Lenstra, Dr.
> Eric R. Verheul
> Journal of Cryptology: the journal of the International Association for
> Cryptologic Research.
> 
> It is interesting to note that their extrapolation to 2004 of 1108 bits
> as a minimum kery-size didn't change between 1999, the year the paper
> was first released, and 2001, the year of the paper's last (to my
> knowledge) update
> 
> [2] See http://senderek.de/security/secret-key.protection.html, and
> http://www.samsimpson.com/cryptography/pgp/pgpfaq.html - both well known
> FAQs for the beginner learning about PGP/GPG and cryptography.
> 
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-- 
Public Key: 4096R/136FC036 2004-02-09 Newton Hammet <newton at hammet.net>
Key fingerprint = 785F DFF3 7029 3FBD 45CE 747C 93CA E808 136F C036
Key servers: subkeys.pgp.net, et al





More information about the Gnupg-users mailing list