[Cryptography] NSA’s FAQs Demystify the Demise of Suite B
Hanno Böck
hanno at hboeck.de
Thu Feb 11 14:27:09 EST 2016
On Thu, 11 Feb 2016 07:38:06 -0800
Francisco Corella <fcorella at pomcor.com> wrote:
> The FAQs make sense, but do not explain one detail: why DSA has been
> omitted from the CNSA Suite. In the blog post I argue that DSA is
> being dropped at the wrong time.
You miss two major reasons why people don't like DSA:
1. It's extremely fragile when it comes to bad random numbers. Use it
once with a bad RNG: Your key is compromised.
2. DSA was limited to 1024 bit for a long time, a 2048 bit option was
only added later. For many implementations this means either use it
with 1024 bit or not at all.
Given that I find it reasonable to drop support (and I have strongly
argued for the removal from TLS 1.3).
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160211/c8b79f4a/attachment.sig>
More information about the cryptography
mailing list