[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "upgrading" my gpg key

On Mon, Jan 04, 2010 at 10:34:14PM +0100, Lionel Elie Mamane wrote:
> On Mon, Jan 04, 2010 at 08:36:32PM +0000, brian m. carlson wrote:
> > (...) For maximum long-term security, I recommend a 3072-bit DSA key
> > (preferably with SHA-512) or a 4096-bit RSA key.
> I seriously recommend a RSA key over a DSA key; DSA has this horrible
> property that you leak bits of your private key with every signature
> done on a computer with cryptographically weak random numbers source!

This is true; however, most people limit their keys to machines that
they physically control.  For me, that's two Debian machines, and I
trust that /dev/random and /dev/urandom are cryptographically secure.

Also, assuming that breaking DSA requires solving the Discrete Logarithm
Problem and that breaking RSA requires solving the Factoring Problem,
breaking DSA is harder than breaking RSA.  That is, if you solve the
DLP, you can solve the FP, but not the other way around.

Also, RSA has been studied more than DSA, since it's older and arguably
more popular.  DSA also has a limited number of valid configurations for
key size (choices for p and q) and hash algorithms, according to NIST;
RSA has no such restrictions.

These are all things to consider.  Personally, I use an RSA key, but
other reasonable people could come to a different decision.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: