On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:
> On 01/12/2015 07:29 PM, Rich Freeman wrote:
> > On Mon, Jan 12, 2015 at 1:06 PM, Kristian Fiskerstrand
> > <k_f@g.o> wrote:
> >>
> >> One issue with DSA/ElGamal is the requirement for a random k
> >> value while signing/encrypting,
> >
> > Thanks - that was very informative. I guess the thing that makes
> > me more concerned about RSA is that Shor's algorithm makes it
> > quite possible that it will be defeated at some point in the
> > future, perhaps without public disclosure.
>
> Shor's would be effective against discrete logs (including ECC) as
> well, so wouldn't be applicable to this selection. For post-quantum
> asymmetric crypto we'd likely need e.g. a lattice-based primitive.

Why not use post-quantum signing together with a traditional one?
app-crypt/codecrypt is already in tree and provides a GnuPG-like
solution based on post-quantum cryptography.

It would be no harm to use this solution together with GnuPG, e.g.
have two detached signatures: a traditional RSA-4096 and a
post-quantum one.

Best regards,
Andrew Savchenko