On Thursday 14 September 2006 05:54, edbch wrote:

>
> Thanks.
> Would the fact that the version that runs on OpenBSD allows bigger keys be
> a bug? How would this place my system at risk?
>
> Eduardo


A bug ---- no. It is entirely possible to have DSA keys larger than 1024.

The statement was that "DSA keys must be exactly 1024 bits, according to the
standard". The key word here is "according". The reasoning behind this
requirement is due to the fact that the larger key size also increases the
available attack vectors for the hash algorithm[1].

Simply put --- larger key sizes --- more risk of compromise. Hence the ceiling
on the recommended DSA key size.

Thomas

[1] OpenBSD generally has better random number generation than most systems,
this is probably why it is authorized in this instance.
