There is a need to combine algorithms of different kinds. Since the security of 
the chain is that of its weakest link - it necessitates comparison between 
those different algorithms. Thus the assertion that the algorithms combined 
together should match each other in strength, to avoid both weakening the 
combination below an acceptable pre-defined limit and paying an unneeded penalty 
in performance. 

One alternative is combining the strongest known algorithms and paying the 
penalty in performance (and nobody seems to favor this option).

I hope I answered your question, and I'm repeating mine: what is your 
alternative?

  Original Message  
From: Salz, Rich
Sent: Sunday, September 4, 2016 14:42
To: openssl-users@openssl.org
Reply To: openssl-users@openssl.org
Subject: Re: [openssl-users] More secure use of DSA?

> So what's your proposed method of combining algorithms? You reject the
> commonly accepted approach, but when asked to offer an alternative, you
> start evading? Do you have no alternative then?

Start evading. Sheesh.

I made a casual comment and said YMMV, encouraging disagreement. Now I find 
myself being challenged. I am not thrilled with the tenor of this conversation.

The needs of encryption aren't necessarily equivalent to the needs of 
authentication, nor digesting. Nobody has ever shown that they have to be 
equivalent strength. Why do they have to be? It's just asserted that they 
should match. I don't buy into that assertion, and will, instead, turn the 
question back: why do they have to be? 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
