Mailing List Archive

RSA / DSS (keylengths)
On Thu, 21 Sep 2000, Simpson, Sam wrote:

> For a start: Elgamal keys are (currently thought to be...) stronger than
> RSA keys of the same size?
>
> (see for example: http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH).
>
>
> Regards,
>
> Sam Simpson
> http://www.scramdisk.clara.net/


If you double the size of an RSA modulus (i.e. from 512 bits to 1024 bits)
there is a huge amount of possible new secret key values (factor 2^512)

BUT:

if you double the size of a DSS-key not one additional secret key value
is added because the amount of possible secret keys is limited by the
size of the hash-function (160 bits). Only the mathematical operation
will use a longer key (as modulus) and consequently takes more time.

Ralf Senderek


*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek <ralf@senderek.de> * What is privacy *
* http://senderek.de * without *
* Tel.: 02432-3960 Sandstr. 60 D-41849 Wassenberg * PGP-2.6.3i? *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
RE: RSA / DSS (keylengths)
The question was specifically RE RSA vs Elgamal - not RSA vs DSS/DH...


Regards,

Sam Simpson

> -----Original Message-----
> From: Ralf Senderek [mailto:ralf@senderek.de]
> Sent: 21 September 2000 15:48
> To: Simpson, Sam
> Cc: gnupg-users@gnupg.org; jackmc-gnupg-users@lorentz.com
> Subject: RSA / DSS (keylengths)
>
>
> On Thu, 21 Sep 2000, Simpson, Sam wrote:
>
> > For a start: Elgamal keys are (currently thought to be...) stronger than
> > RSA keys of the same size?
> >
> > (see for example: http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH).
> >
> >
> > Regards,
> >
> > Sam Simpson
> > http://www.scramdisk.clara.net/
>
>
> If you double the size of an RSA modulus (i.e. from 512 bits to 1024 bits)
> there is a huge amount of possible new secret key values (factor 2^512)
>
> BUT:
>
> if you double the size of a DSS-key not one additional secret key value
> is added because the amount of possible secret keys is limited by the
> size of the hash-function (160 bits). Only the mathematical operation
> will use a longer key (as modulus) and consequently takes more time.
>
> Ralf Senderek
>
>
> *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
> * Ralf Senderek <ralf@senderek.de> * What is privacy *
> * http://senderek.de * without *
> * Tel.: 02432-3960 Sandstr. 60 D-41849 Wassenberg * PGP-2.6.3i? *
> *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
>
Re: RSA / DSS (keylengths)
Ralf Senderek wrote:

> if you double the size of a DSS-key not one additional secret key value
> is added because the amount of possible secret keys is limited by the
> size of the hash-function (160 bits). Only the mathematical operation
> will use a longer key (as modulus) and consequently takes more time.

This is true, but hopefully it makes cryptanalysis more difficult. By
the time you get to a 1024-bit modulus, it will take roughly the same
amount of time to solve either of the two possible discrete logarithm
problems. With a 512-bit modulus, it is (counterintuitively) much
easier to attack the 512-bit discrete logarithm problem rather than
the 160-bit one, because they have different characteristics. (I am
sure you already knew that though.)

There is no reason why you couldn't have a DSA key longer than 1024
bits (that I am aware of). However, to get any benefit from this you
would need to make the other modulus longer than 160 bits. This would
mean using a hash function other than SHA-1, for example Tiger/192.

--
Pete
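
The comparison made in the message above, worked through as an added example that is not part of the original thread: it sets the DSA private-key space (fixed by q) beside rough costs for the two discrete logarithm problems. It assumes the textbook estimates, namely the number field sieve heuristic L_p[1/3, (64/9)^(1/3)] with the o(1) term dropped for the field and a generic square-root attack (Pollard rho) for the order-q subgroup; the function names are chosen here and the figures are order-of-magnitude only.

```python
import math

# Constant of the number field sieve heuristic L_p[1/3, c] (assumed model).
NFS_C = (64 / 9) ** (1 / 3)

def field_attack_bits(p_bits):
    """log2 of the heuristic NFS cost for a discrete log modulo a p_bits prime."""
    ln_p = p_bits * math.log(2)
    cost_ln = NFS_C * ln_p ** (1 / 3) * math.log(ln_p) ** (2 / 3)
    return cost_ln / math.log(2)

def subgroup_attack_bits(q_bits):
    """log2 of the generic square-root cost in the subgroup of order q."""
    return q_bits / 2

def weakest_link(p_bits, q_bits):
    """Return which of the two problems is cheaper to attack, and its cost in bits."""
    field = field_attack_bits(p_bits)
    subgroup = subgroup_attack_bits(q_bits)
    return ("field", field) if field < subgroup else ("subgroup", subgroup)

def report(sizes):
    """One text row per (p_bits, q_bits) pair."""
    rows = []
    for p_bits, q_bits in sizes:
        name, bits = weakest_link(p_bits, q_bits)
        rows.append(
            f"p={p_bits:4d} q={q_bits:3d}  private keys=2^{q_bits}  "
            f"field~2^{field_attack_bits(p_bits):.0f}  "
            f"subgroup~2^{subgroup_attack_bits(q_bits):.0f}  "
            f"weakest={name} (~2^{bits:.0f})"
        )
    return rows

if __name__ == "__main__":
    # Sizes from the thread (512/160, 1024/160) plus larger p with the same q,
    # and larger (p, q) pairs to show the effect of growing both moduli.
    for row in report([(512, 160), (1024, 160), (2048, 160),
                       (2048, 224), (3072, 256)]):
        print(row)
```

With q held at 160 bits the weakest link stays near 2^80 however large p becomes, which is why a longer p only pays off together with a longer q and hash.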

Re: RSA / DSS (keylengths)
On Thu, 21 Sep 2000, Pete Chown wrote:


>
> There is no reason why you couldn't have a DSA key longer than 1024
> bits (that I am aware of). However, to get any benefit from this you
> would need to make the other modulus longer than 160 bits. This would
> mean using a hash function other than SHA-1, for example Tiger/192.

That's correct. But if you have to comply with American Standards (DSS)
this would not help, because DSS restricts p to 1024 bits and q to 160 bits.

Ralf.

*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek <ralf@senderek.de> * What is privacy *
* http://senderek.de * without *
* Tel.: 02432-3960 Sandstr. 60 D-41849 Wassenberg * PGP-2.6.3i? *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*

Re: RSA / DSS (keylengths)
On Thu, Sep 21, 2000 at 05:53:38PM +0100, Pete Chown wrote:
> Ralf Senderek wrote:
>
> > if you double the size of a DSS-key not one additional secret key value
> > is added because the amount of possible secret keys is limited by the
> > size of the hash-function (160 bits). Only the mathematical operation
> > will use a longer key (as modulus) and consequently takes more time.
>
> This is true, but hopefully it makes cryptanalysis more difficult. By
> the time you get to a 1024-bit modulus, it will take roughly the same
> amount of time to solve either of the two possible discrete logarithm
> problems. With a 512-bit modulus, it is (counterintuitively) much
> easier to attack the 512-bit discrete logarithm problem rather than
> the 160-bit one, because they have different characteristics. (I am
> sure you already knew that though.)
>
> There is no reason why you couldn't have a DSA key longer than 1024
> bits (that I am aware of). However, to get any benefit from this you
> would need to make the other modulus longer than 160 bits. This would
> mean using a hash function other than SHA-1, for example Tiger/192.
>
> --
> Pete
>
>
So... what functionality did the gpg RSA upgrade really give us anyway?

Roger Brown
--
Get paid to spread the word...
Help distribute the Planetary Appeal.
PADN - Planetary Appeal Distribution Network
http://www.padn.org/index.html
Re: RSA / DSS (keylengths)
On Thu, 21 Sep 2000, Ralf Senderek wrote:

> That's correct. But if you have to comply with American Standards (DSS)
> this would not help, because DSS restricts p to 1024 bits and q to 160 bits.

It does not make sense to talk about whether 1024 bit or 2048 bit or
whatever is better. We have to look at the entire system and there
are a lot of things which are MUCH easier to attack than the
mathematical problems. Have a look at a PGP attack tree.

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

Re: RSA / DSS (keylengths)
Mr. B wrote:

> So... what functionality did the gpg RSA upgrade really give us anyway?

Some bugfixes and enhancements. But further, now that the RSA patent is passé,
using the RSA plugin can now of course also be advertised without possible
problems.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
