Perry E. Metzger wrote:
Ian G <[EMAIL PROTECTED]> writes:

Travis H. wrote:

I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such.  I
remember a problem with Elgamal signing keys and I'm under the
impression that the 1024 bit strength provided by p in the DSA is not
sufficiently strong when compared to my encryption keys, which are
typically at least 4096-bit D/H, which I typically use for a year.

1. Signing keys face a different set of
non-crypto threats than to encryption
keys.  In practice, the attack envelope
is much smaller, less likely.


I call "bull".

You have no idea what his usage pattern is like, and you have no idea
what the consequences for him of a forged signature key might be. It
is therefore unreasonable -- indeed, unprofessional -- to make such
claims off the cuff.

You seem to have missed the next sentence:

   ".... Unless you have
   particular circumstances, it's not
   as important to have massive strength in
   signing keys as it is in encryption keys."

As he asked "what the current recommendation
is" it seems reasonable to assume the general
case, not the particular, and invite him to
elaborate if so needed.  Etc etc.

Errata - if you (Travis) are using 4096-bit D/H
as your encryption keys, you might want something
a bit beefier for signing keys.  Check out
the key length calculator:

http://www.keylength.com/

and click on "NIST 2005 Recommendations" and
also "ECRYPT 2005 Report" for comparison.

iang
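The comparison Ian points Travis to, as an added example that is not part of the original thread: a Python estimate of the symmetric-equivalent strength of a 1024-bit DSA signing key against a 4096-bit D/H encryption key, using the general-number-field-sieve heuristic rather than the keylength.com tables. It assumes the DSA key uses the standard 160-bit q of that era, and that the 1.923/4.69 constants (NIST's FIPS 140-2 implementation-guidance calibration) are acceptable; other calibrations shift the results by a few bits.

```python
import math


def nfs_strength_bits(modulus_bits: int) -> float:
    """Symmetric-equivalent strength of an n-bit finite-field modulus (RSA, DSA p,
    D/H p), from the asymptotic cost of the general number field sieve. The
    constants 1.923 and 4.69 are the calibration NIST uses in its FIPS 140-2
    implementation guidance (an assumption here); ECRYPT and Lenstra/Verheul
    use slightly different constants."""
    ln_n = modulus_bits * math.log(2)
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)


def dsa_strength_bits(p_bits: int, q_bits: int) -> float:
    """DSA is limited by whichever is weaker: NFS on p, or a generic discrete
    log in the order-q subgroup, which costs about sqrt(q), i.e. q_bits / 2."""
    return min(nfs_strength_bits(p_bits), q_bits / 2)


def compare_keys(dsa_p_bits: int, dsa_q_bits: int, dh_p_bits: int) -> dict:
    """The thread's comparison: a DSA signing key against a D/H encryption key."""
    signing = dsa_strength_bits(dsa_p_bits, dsa_q_bits)
    encryption = nfs_strength_bits(dh_p_bits)
    return {"signing_bits": signing, "encryption_bits": encryption,
            "signing_is_weaker": signing < encryption}


def dsa_params_matching(target_bits: float, step: int = 1024) -> tuple:
    """Smallest (p_bits, q_bits) reaching target_bits: q rounded up to a whole
    byte at 2*target, p stepped up in multiples of `step` until NFS allows it."""
    q_bits = math.ceil(2 * target_bits / 8) * 8
    p_bits = step
    while nfs_strength_bits(p_bits) < target_bits:
        p_bits += step
    return p_bits, q_bits


if __name__ == "__main__":
    for n in (1024, 2048, 3072, 4096, 7680):
        print(f"{n:5d}-bit modulus  ~{nfs_strength_bits(n):5.1f}-bit strength")
    r = compare_keys(1024, 160, 4096)  # DSA-1024/160 signing vs DH-4096 encryption
    print(f"signing {r['signing_bits']:.1f} bits vs encryption "
          f"{r['encryption_bits']:.1f} bits; weaker: {r['signing_is_weaker']}")
    print("DSA (p, q) bits matching DH-4096:",
          dsa_params_matching(r["encryption_bits"]))
```

The 1024/160 signing key comes out near 80 bits while the 4096-bit D/H key is near 150, which is the gap Ian's "something a bit beefier" refers to; the matching DSA parameters it prints need a q far larger than the 160 bits classic DSA allowed.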

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]