[Ach] GPG - DSA or RSA?
Michael Zeltner
m at niij.org
Wed Nov 20 16:40:16 CET 2013
On 18 Nov 11:58, David Durvaux wrote:
> In the GPG section, we recommend DSA. For my mind, it's also what I would
> recommend but...
Maybe I'm not up to speed, especially given that I just joined the list
yesterday, but where is that recommendation? I don't see it in the GPG.tex
> I would then conclude with the usual answer: "Well, it depend" ;). Can we
> really recommend DSA instead of RSA? The biggest advantage of DSA seems to
> be it's compatbility with GPG wich is clearly important but not a valid
> crypto choice...
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Sensitivity
Depending on the kind of device the key is supposed to be used on (and given
there are GnuPG ports for Android being worked on these days - see
https://guardianproject.info/code/gnupg/ - there's interesting ideas also
because the YubiKey NEO exposes it's OpenPGP smartcard via NFC, of having a
NFC smartcard implementation to share keys between devices without having the
secret key material on them) I wouldn't always count on having enough entropy.
I have a very minimally set up airgapped machine where I ran out of entropy
multiple times while working on it.
> So, for me, we have basically 2 options:
> - remove any recommendation (at let the default choice: DSA/DSA ;))
RSA/RSA is the default choice in my GnuPG 2.0.22?
Personally, I haven't heard of anyone recommending DSA/Elgamal over RSA/RSA
recently? I'd love to find out if I'm really missing something despite being
subscribed to way too many mailing lists on this sort of topic …
Best from afar,
Michael
--
https://niij.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20131120/d1629ec1/attachment.sig>
More information about the Ach
mailing list