>>    DSA
    > What is the cryptographic weakness of DSA that you are avoiding?
    It's a good question. I don't recall the specific reason why that was added 
    the list. Perhaps others can comment.

The only weakness I know about is that if you re-use the nonce, the private key 
is leaked. It's more brittle than RSA-PKCS, but not as flawed as RC4.

I think this should be removed from the "legacy" list unless someone can point 
out why it's like the others in the list.

Reply via email to