John W. Moore III wrote: > That said; I personally [subjectively] feel that Elgamal is bit-for-bit > more secure.
This is common wisdom; unfortunately, I'm not sure that the common wisdom is correct. >From a pure math perspective, it's probably true that the discrete logarithm problem is harder than the integer factorization problem. (Probably. There are a lot of hidden assumptions and suppositions that go into it. While I don't find the assumptions and suppositions to be unreasonable, it does give me the heebie-jeebies when people talk about one being 'more secure' than the other without ever mentioning the assumptions.) However, both are so phenomenally hard that any attack against the system will probably target key management, sloppy communication protocols, traffic analysis, etc.--and for these sort of attacks, Elgamal is no better than RSA. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
