kernel.org status: establishing a PGP web of trust
brian m. carlson
sandals at crustytoothpaste.net
Sat Oct 1 18:51:25 CEST 2011
On Sat, Oct 01, 2011 at 07:01:14AM -0600, Aaron Toponce wrote:
> Having a sufficient amount of paranoia, would keep you from using DSA, I
> would think.
I have an RSA key with RSA subkeys, but now that larger DSA keys are
generally available, I'd be okay with revolving DSA signing subkeys. As
you've pointed out, DSA has the disadvantage that k must always be
different, but it also has advantages, one of them being that p, q, and
g can be shared among a group of people such that p and q can be
*proven* to be prime and generated in a reproducible way. Another one
is that DSA signatures are smaller: there are two MPIs stored for each
signature, but those MPIs are at most 256 bits long each, while for an
RSA signature that was only 512 bits long, the security would be
woefully inadequate.
Point being, both DSA and RSA have their good and bad points, and if
you're fairly confident that you have a good PRNG, such as /dev/urandom,
then there's not really much concern about k. After all, you also need
a good PRNG for CFB IVs as well, although the consequences aren't as
disastrous.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20111001/e3865056/attachment.pgp>
More information about the Gnupg-users
mailing list