[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bigger DSA keys



On Sun, 18 Sep 2005 14:52:45 +0100, Ian G said:

>> How about because generating 2048 bit primes already takes long
>> enough, and 3072 takes ages?

> Numbers?

A quick test shows about 4 seconds for 2048 bit and 21 seconds for
3072.  However this includes the time required to gather enough
randomness; further tests took much longer very likely due to a lack
of entropy in the machine.  Most applications don't need to generate
keys very ofthen, thus this should not be a problem.

OTOH, verification is used very often.  Here are number from
Libgcrypt:

DSA 100 times    sign  verify
-----------------------------
DSA 1024/160    910ms   430ms
DSA 2048/224   1560ms  1890ms
DSA 3072/256   3610ms  4380ms

(The numbers for sign are not very reliable because it employs the
RNG and I could not adjust for it)

3072 takes more more than double the time of 2048 which is not too
bad.  Compared to 1024 this is a real slowdown and would make key
signature verification a very time consuming operation.  On slow
machines (embedded devices, older hardware) this would be very
annoying.


Shalom-Salam,

   Werner