Give a detailed description of the DSA security.

544    Asked by AdamLipscomb in Cyber Security , Asked on Feb 9, 2022

 However, according to a page I recently read, DSA compromises your security if anyone is sniffing your packets when you use the key. And according to this page, DSA is limited to 1024 bits.


If those claims are true, I can't see any reason to ever use DSA keys. The policy of the company I'm working at, however, will only allow DSA keys.


What is the truth? Is the use of DSA really reducing security as much as it appears to me?


Answered by Anisha Dalal

Looking at your two issues:


Using a bad RNG leaks the private key This is a problem with the way DSA security is usually described and implemented, but not an inherent problem of DSA. You can implement DSA deterministically to avoid this problem. I think it's a flaw in typical implementations, and should be fixed. But apparently those who work on these implementations disagree, or want to follow some flawed standard procedures. Systems with a broken RNG are a big problem, no matter which crypto you use. For example it will often totally break confidentiality of your encrypted connections because the session keys are bad. Avoid these systems at all costs.Matthew Green wrote a blog-post on the issues a bad RNG causes: Surviving a bad RNG

DSA is limited to 1024  Some older standards(FIPS 186-2) mandate 1024 bit keys, and some implementations might be limited to that size. But the newer standard FIPS 186-3 allows them, and many implementations support 2048 bit keys. So I don't think this is relevant anymore. If those claims are true, I can't see any reason to ever use DSA keys [over RSA keys] There is little reason to use finite field DSA over RSA. They have similar performance at similar security levels. But ECDSA, which is DSA on elliptic curves, offers better performance (at least for signing) at high security levels. So there are reasons for using it, despite weakness to broken RNGs.



Your Answer

Interviews

Parent Categories