David Alexander Russell wrote:
> Essentially what I read was that the default 1024-bit DSA key isn't
> strong enough, due to some flaw in SHA-1 which is the hash used for that
> size of DSA (that's as much detail as I absorbed I'm afraid)

Don't believe the hype.

I don't like DSA-1024, for a lot of reasons similar to the ones in the website you linked. However, there's a big difference between saying "I don't like DSA-1024," and "DSA-1024 is insecure and shouldn't be used."

At present, it appears that breaking DSA-1024 is within the realm of plausibility for ridiculously well-equipped adversaries who are willing to spend astronomically absurd sums on breaking your key. Some people think this means "DSA-1024 is broken, don't use it." This seems to be pretty ignorant of history.

During the Cold War, the NSA spent absurd amounts of money designing beautiful, elegant ciphers, and training very skilled cipher clerks. The KGB spent small amounts of money on beautiful, elegant women and sending them to these lonely, far-from-home cipher clerks. You can figure out who was in the habit of winning those games of Spy-Vs.-Spy.

The moral of the story: no one with two brain cells to rub together is going to attack DSA-1024 cryptanalytically. Not now, and not for the reasonable future. It's going to be much, much faster and cheaper to use other kinds of attacks, attacks which are just as useful against RSA-4096 as DSA-1024.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users