[openssl-users] More secure use of DSA?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Sun Sep 4 19:03:12 UTC 2016

There is a need to combine algorithms of different kind. Since the security of the chain is that of its weakest links - it necessitates comparison between those different algorithms. Thus the assertion that the algorithms combined together should match each other in strength, to avoid both weakening the combination below acceptable pre-defined limit and paying unneeded penalty in performance. 

One alternative is combining the strongest known algorithms and pay the penalty in performance (and nobody seems to favor this option).  

I hope I answered your question, and I'm repeating mine: what is your alternative?

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
  Original Message  
From: Salz, Rich
Sent: Sunday, September 4, 2016 14:42
To: openssl-users at openssl.org
Reply To: openssl-users at openssl.org
Subject: Re: [openssl-users] More secure use of DSA?

> So what's your proposed method of combining algorithms?‎ You reject the
> commonly accepted approach, but when asked to offer an alternative, you
> start evading? Do you have no alternative then?

Start evading. Sheesh.

I made a casual comment and said YMMV, encouraging disagreement. Now I find myself being challenged. I am not thrilled with the tenor of this conversation.

The needs of encryption aren't necessarily equivalent to the needs of authentication, nor digesting. Nobody has ever shown that they have to be equivalent strength. Why do they have to be? It's just asserted that they should match. I don't buy into that assertion, and will, instead, turn the question back: why do they have to be? 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160904/e10d8d8a/attachment.bin>

More information about the openssl-users mailing list