[cryptography] Duplicate primes in lots of RSA moduli

Alexander Klimov alserkli at inbox.ru
Wed Feb 15 11:50:32 EST 2012


On Wed, 15 Feb 2012, Ralph Holz wrote:

> But they reach this conclusion in the abstract that RSA is
> "significantly riskier" than ElGamal/DSA. In the body of the paper,
> they indicate (although they are much more defensive already) that
> this is due to the fact that you need two factors and more
> randomness to go into the key creation.

While the RSA may be easier to break if the entropy during the key
*generation* is low, the DSA is easier to break if the entropy during
the key *use* is low. Obviously, if you have access only to the public
keys, the first issue is more spectacular, but usually a key is used
more often than generated.

-- 
Regards,
ASK



More information about the cryptography mailing list