[pycrypto] Remove DSA because 1024bit is not safe
Dwayne Litzenberger
dlitz at dlitz.net
Mon Jan 28 09:28:30 PST 2013
That said, we should probably support the newer spec:
>>> from Crypto.PublicKey import DSA
>>> DSA.generate(3072)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/Crypto/PublicKey/DSA.py",
line 337, in generate
raise ValueError("Number of bits in p must be a multiple of 64
between 512 and 1024, not %d bits" % (bits,))
ValueError: Number of bits in p must be a multiple of 64 between 512
and 1024, not 3072 bits
On 01/28/2013 02:21 AM, Legrandin wrote:
> I think you are looking at an older FIPS 186 spec.
> The current one allows 3072 bits for DSA.
>
> Besides that, DSA is based on a different hard problem than RSA.
> A 1024 bit DSA signature is somewhat more secure than a 1024 bit RSA
> signature.
>
> 2012/12/12 . <dcMhOYBdpZkH at web.de <mailto:dcMhOYBdpZkH at web.de>>
>
> It is important to consider 1024bit DSA - NIST says this too - not
> secure anymore, or do you want your messages to be readable within
> your lifetime?.
> Since DSA max. key size is 1024bit it's time to think
> about removing it completely from pycrypto and use RSA or ECC
> (with your
> own curves, not NIST's untrustable ones).
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net <mailto:pycrypto at lists.dlitz.net>
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
>
>
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20130128/fb41841c/attachment.html>
More information about the pycrypto
mailing list