There is a need to combine algorithms of different kinds. Since the security of the chain is that of its weakest links, it necessitates comparison between those different algorithms. Thus the assertion that the algorithms combined together should match each other in strength, to avoid both weakening the combination below an acceptable pre-defined limit and paying an unneeded penalty in performance.

One alternative is combining the strongest known algorithms and paying the penalty in performance (and nobody seems to favor this option).

I hope I answered your question, and I'm repeating mine: what is your alternative?

  Original Message
From: Salz, Rich
Sent: Sunday, September 4, 2016 14:42
To: openssl-users at openssl.org
Reply To: openssl-users at openssl.org
Subject: Re: More secure use of DSA?

> So what's your proposed method of combining algorithms? You reject the
> commonly accepted approach, but when asked to offer an alternative, you
> start evading? Do you have no alternative then?

Start evading. Sheesh.

I made a casual comment and said YMMV, encouraging disagreement. Now I find myself being challenged. I am not thrilled with the tenor of this conversation.

The needs of encryption aren't necessarily equivalent to the needs of authentication, nor digesting. Nobody has ever shown that they have to be equivalent strength. Why do they have to be? It's just asserted that they should match. I don't buy into that assertion, and will, instead, turn the question back: why do they have to be?