Jack Lloyd wrote:
On Mon, Feb 26, 2007 at 01:17:24PM -0800, Justin Patrin wrote:
3) DSA can only sign less than 256 bits (140?) so moving to SHA-256
and DSA will be problematic.
DSA, algorithmically, can sign arbitrary size hashes, as long as you
choose a large enough q parameter. Until recently the standardized max
for q was 160 bits, FIPS 186-3 (currently in draft) allows longer q if
you use a longer p (q=256 is OK with p=2048 or 3072 bits).
The question is how attached we are to ssh-agent. It's very cool but
it's limiting in this regard. If we want to go with it, it's a question
of whether we can persuade it to accept 256-bit q. If we want to part
from it then there are a number of signature standards we could
contemplate, including ECDSA which is faster than DSA for the same
security and has smaller keys.
--
__
\/ o\ Paul Crowley, [EMAIL PROTECTED]
/\__/ http://www.ciphergoth.org/
_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
