[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bigger DSA keys

Werner Koch wrote:
DSA 100 times    sign  verify
DSA 1024/160    910ms   430ms
DSA 2048/224   1560ms  1890ms
DSA 3072/256   3610ms  4380ms

(The numbers for sign are not very reliable because it employs the
RNG and I could not adjust for it)

3072 takes more more than double the time of 2048 which is not too
bad.  Compared to 1024 this is a real slowdown and would make key
signature verification a very time consuming operation.  On slow
machines (embedded devices, older hardware) this would be very

Ah, ok, so this last point about slow / small hardware
platforms makes sense.  So we might be tempted to suggest
that implementations SHOULD verify any of the three lengths,
and let them choose which length to deliver for signing
beyond the MUST of 1024/160.

(Which is after all a minor side discussion in Hal's
thread of whether to wait or not.)