[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Removing Elgamal signatures
Hal Finney wrote:
> It would be good to see these results made available because
> they might turn out to be applicable to other types of keys
> that we might consider in the future.
While we're at it, I'd like the specification to include references to
the research that was the rationalization for using a small "k" for
encryption. Given that a full-width "k" is impractical (for cost
reasons) and every implementation will be inclined to use a small "k",
it's important that we make note of the security limitations.
This is particularly true when they're based on the *relative*
performance of known methods, which can change over time.
[As I recall, the published PGP6 source code contained a comment with
a reference. I don't have that handy, but perhaps someone here does.]