RSA vs DSA/ElGamal

John W. Moore III johnmoore3rd at joimail.com
Fri Jun 9 05:45:24 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Zach Himsel wrote:
> My private key was recently compromised (Which sucks, I know). I was in
> the process of generating a new keypair when I realized "Why do I use
> RSA? What's the difference". Hence my question :)
> 
> If I *do* use DSA/ElGamal, what bitrate should I use? I know there are
> FAQs and documentation that say to use a certain bitrate, but I would
> like to know the reason behind that...

My personal preference is for an RSA signing Key with an ElGamal
encryption sub-Key.  My reasons are twofold:

RSA Keys have *all* the hash functions available to them.  Nothing
truncated.  RSA Keys are more difficult to 'forge' signatures due to the
built-in "firewall", for lack of a better word.  Much has been written
on PGP-Basics regarding this ability within RSA Keys.  Robert J. Hansen
also explains this very well in his 'Un-Official PGP FAQ' which is
accessible from my Homepage.

I use an ElGamal encryption sub-Key solely because I feel that
bit-for-bit, ElGamal is the stronger.  Others can & may differ.

The way to avail yourself of all the Options in Key Generation is simply
to add the single word _expert_ to your gpg.conf File.  This single, 1
word line in gpg.conf will also allow you to accomplish a lot of silly
things.  For instance, absurdly large Keys may be generated.

If by 'bitrate' (bit rate?) you are referring to the hash function, you
are limited to a 160 bit Hash and I'd suggest RIPEMD160.  If you are
using a Compiled version of 1.4.4 and have decided to generate a DSA2
Key, then I'd specify SHA256 to obtain security & maximum verification
compatibility.

JOHN ;)
Timestamp: Thursday 08 Jun 2006, 23:43  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-svn4151: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage:  http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
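
The remarks above about a 160-bit hash limit and about DSA2 with SHA256 both turn on how DSA feeds a digest into the signature. The sketch below is an added illustration, not part of the message above and not GnuPG's code: a from-scratch DSA in Python that applies the FIPS 186-3 rule that only the leftmost bits of the digest, up to the bit length of q, are signed. The function names and the demo-sized 512/160-bit parameters are assumptions made for the example.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=24):  # Miller-Rabin, for odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(p_bits=512, q_bits=160):  # demo sizes, far too small for real keys
    q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
    while not is_probable_prime(q):
        q += 2
    while True:
        p = 2 * (secrets.randbits(p_bits - q_bits - 1) | 1) * q + 1
        g = pow(2, (p - 1) // q, p)  # generator of the order-q subgroup
        if g > 1 and is_probable_prime(p):
            return p, q, g

def digest_to_int(msg, hash_name, q):
    # FIPS 186-3: only the leftmost min(N, outlen) bits are signed, N = bits in q
    h = hashlib.new(hash_name, msg).digest()
    return int.from_bytes(h, "big") >> max(0, 8 * len(h) - q.bit_length())

def sign(msg, hash_name, params, x):
    p, q, g = params
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh secret nonce per signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (digest_to_int(msg, hash_name, q) + x * r) % q
        if r and s:
            return r, s

def verify(msg, hash_name, params, y, sig):
    (p, q, g), (r, s) = params, sig
    if not (0 < r < q and 0 < s < q):
        return False
    w, z = pow(s, -1, q), digest_to_int(msg, hash_name, q)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r
```

With a 160-bit q, a SHA-256 or SHA-512 digest still verifies, but only its first 160 bits take part in the signature; a 160-bit digest such as SHA-1 is used whole.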


