[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Removing Elgamal signatures




Hal Finney wrote:
> It would be good to see these results made available because
> they might turn out to be applicable to other types of keys
> that we might consider in the future.

While we're at it, I'd like the specification to include references to
the research that was the rationalization for using a small "k" for
encryption.  Given that a full-width "k" is impractical (for cost
reasons) and every implementation will be inclined to use a small "k",
it's important that we make note of the security limitations.
This is particularly true when they're based on the *relative*
performance of known methods, which can change over time.

[As I recall, the published PGP6 source code contained a comment with
a reference.  I don't have that handy, but perhaps someone here does.]