Oskar L. wrote: > - They don't have a 1024 bit limit, like DSA has. I know "DSA2" can > have larger keys, but last I heard PGP can't use them.
The latest versions of PGP support them. > - RSA is faster. If you are repeatedly encrypting and/or decrypting enormous files, then yes, this is potentially an issue. Otherwise, there is no practical difference in speed you will notice. > I can't understand why RSA isn't the default. The OpenPGP specification came out in the late nineties. RSA did not enter the public domain until August of 2000. The IETF refused--rightly so--to make a patented algorithm the default OpenPGP algorithm. > The only argument defending DSA I've heard is that DSA creates > smaller signatures. Is this really so important to people that they > are willing to give up all the benefits of RSA for it? This implicitly casts RSA as being somehow universally superior. It's not. Nor is it inferior. In a couple of very narrow fields, RSA is superior. In others, DSA is probably superior. In yet others, Rabin signatures are probably best. (Me, I've wondered for years why OpenPGP doesn't support Rabin; it's a beautifully elegant algorithm. And then I kick myself and say "duh, to keep the number of algorithms down, just like with Lamport signatures and WHIRLPOOL!", and go on with my business.) > Why was the sixth option removed? Because it's a deprecated key style. There's nothing inherently wrong with it, but most authorities today recommend using separate signing and encryption keys. > By the way, is there a security or performance difference between a > RSA (sign and encrypt) keypair with no subkeys, and a RSA (sign only) > keypair with a RSA (encrypt only) subkey? Only when it comes to recovering from a security-related incident. If the cops come by and force you to give the private part of a key used to encrypt a message, fine, you can do so without yielding your signing key. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
