Although most of this was way above my head at first reading (subsequent readings make more sense)... Thus spake Joseph Ashwood (ashwood@msn.com) [23/05/03 19:32]:
future DLP is inherently more difficult than IFP. PSS gains though in that without breaking any standard that I'm aware of the modulus can be extended indefinitely whereas DSA1 (don't recall DSA2 immediately having such an issue, but I don't recall DSA2 specifics immediately) has a standard limit of 1024-bit (the maths scales indefinitely though). The other thing to
Thanks! This was definitely a followup item -- in relation to PGP, why DSA signatures are always 1024-bit, even if I've got a 4096-bit key.
consider is speed, since you're using this for SSH, it may be important that the server be capable of more connections per time, in which case DSA is the clear winner (RSA wins for verification though for a typcial implementation).
Again, thanks -- this was yet another followup question.