On 9/2/16, 12:09 , "openssl-users on behalf of Salz, Rich" <openssl-users-bounces at openssl.org on behalf of rsalz at akamai.com> wrote: I thought DSA was more secure than RSA? Granted, "I thought" is a newbie understanding. This is completely wrong. If you have a consistently good source of randomness (in my environment RDRAND counts as such), then DSA is fine, and in theory is stronger than RSA because it relies on a harder mathematical problem. If your source of randomness is questionable ? DSA won?t be secure (as Rich said). Then of course there are the implementation issues ? the randomness source may be available, but does the application use it correctly? (I hope that for OpenSSL the answer is ?yes?, but I did not check, as I?m using RSA for work-related things, and ECC for fun. J) Suite B and its follow-up do not include DSA. RSA and ECC only, with a warning to stand by for PQC stuff. In summary: do what everybody else does ? use RSA. J -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160902/0c9a3fc1/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5227 bytes Desc: not available URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160902/0c9a3fc1/attachment.bin>
