[dns-operations] RSASHA256 versus RSASHA512

George Barwood george.barwood at blueyonder.co.uk
Sun Mar 6 00:12:25 UTC 2011

I'm trying to understand why RSASHA256 (algorithm 8) appears to be more popular than RSASHA512 (algorithm 10).

Keys and signatures are the same size, except that RSASHA512 keys are mandated to be at least 1024 bits rather than 512 bits.

Both were standardized at the same time in RFC 5702.

Computation speed is similar (RSASHA512 is oriented towards 64-bit processors, which I guess will become dominant in the next few years).

But RSASHA512 would seem to be a more conservative choice (http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation).

So I'm a bit puzzled, since RSASHA512 seems slightly preferable to me (although I hardly expect that SHA256 will be practically broken any time soon).
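A worked check for the key-size rule the post mentions, added here as an illustration and not code from the poster or from any DNS software. It decodes DNSKEY RDATA (RFC 4034 wire layout, RFC 3110 RSA public-key encoding with its one- or three-octet exponent length), computes the RFC 4034 key tag, and reports whether an RSASHA256 (algorithm 8) or RSASHA512 (algorithm 10) key sits inside the RFC 5702 limits: 512 to 4096 bits for algorithm 8, 1024 to 4096 bits for algorithm 10. The function names are my own, and any moduli built with it below are constructed placeholders, not real keys.

```python
"""Audit DNSSEC DNSKEY records against the RFC 5702 RSA key-size limits.

Added example, not the poster's code.  Algorithm numbers and limits follow
RFC 5702; the DNSKEY layout follows RFC 4034 and the RSA key encoding
RFC 3110.  Function names are this example's own choice.
"""
import base64

# RFC 5702 section 2: (minimum, maximum) modulus size in bits per algorithm.
RSA_SHA2_KEY_LIMITS = {
    8: (512, 4096),    # RSASHA256
    10: (1024, 4096),  # RSASHA512
}
ALG_NAMES = {8: "RSASHA256", 10: "RSASHA512"}


def _encode_exponent_length(n):
    # RFC 3110: one length octet, or 0x00 followed by a two-octet length.
    return bytes([n]) if n < 256 else b"\x00" + n.to_bytes(2, "big")


def build_dnskey_rdata(flags, algorithm, exponent, modulus, protocol=3):
    """Encode DNSKEY RDATA: flags(2) protocol(1) algorithm(1) + RSA key."""
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    return (flags.to_bytes(2, "big") + bytes([protocol, algorithm])
            + _encode_exponent_length(len(exp)) + exp + modulus)


def parse_dnskey_rdata(rdata):
    """Decode DNSKEY RDATA; for algorithms 8 and 10 also split the RSA key."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA shorter than 4 octets")
    rec = {"flags": int.from_bytes(rdata[:2], "big"),
           "protocol": rdata[2], "algorithm": rdata[3]}
    key = rdata[4:]
    if rec["algorithm"] in RSA_SHA2_KEY_LIMITS:
        if not key:
            raise ValueError("empty public key field")
        if key[0] != 0:
            elen, pos = key[0], 1
        else:
            elen, pos = int.from_bytes(key[1:3], "big"), 3
        exp, modulus = key[pos:pos + elen], key[pos + elen:]
        if len(exp) != elen or not modulus:
            raise ValueError("truncated RSA public key")
        rec["exponent"] = int.from_bytes(exp, "big")
        rec["modulus"] = modulus
        # RFC 3110 forbids leading zero octets in the modulus, so the
        # integer's bit length is the real key size.
        rec["modulus_bits"] = int.from_bytes(modulus, "big").bit_length()
    return rec


def check_key(rdata):
    """Return (ok, reason) for one DNSKEY against the RFC 5702 size limits."""
    rec = parse_dnskey_rdata(rdata)
    alg = rec["algorithm"]
    if alg not in RSA_SHA2_KEY_LIMITS:
        return (False, "algorithm %d is not RSASHA256 or RSASHA512" % alg)
    name, bits = ALG_NAMES[alg], rec["modulus_bits"]
    lo, hi = RSA_SHA2_KEY_LIMITS[alg]
    if rec["modulus"][0] == 0:
        return (False, "%s modulus has a leading zero octet (RFC 3110)" % name)
    if bits < lo:
        return (False, "%s key is %d bits; RFC 5702 requires at least %d"
                % (name, bits, lo))
    if bits > hi:
        return (False, "%s key is %d bits; RFC 5702 allows at most %d"
                % (name, bits, hi))
    return (True, "%s key of %d bits is within RFC 5702 limits" % (name, bits))


def key_tag(rdata):
    """RFC 4034 Appendix B key tag over the whole DNSKEY RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def dnskey_to_presentation(rdata, owner="example."):
    """Render RDATA in the text form produced by dig."""
    rec = parse_dnskey_rdata(rdata)
    return "%s IN DNSKEY %d %d %d %s" % (
        owner, rec["flags"], rec["protocol"], rec["algorithm"],
        base64.b64encode(rdata[4:]).decode("ascii"))


def parse_dnskey_presentation(text):
    """Parse one 'owner [ttl] [IN] DNSKEY flags proto alg base64...' line."""
    tokens = text.split()
    if "DNSKEY" in tokens:
        tokens = tokens[tokens.index("DNSKEY") + 1:]
    flags, protocol, algorithm = (int(t) for t in tokens[:3])
    key = base64.b64decode("".join(tokens[3:]))  # base64 may be split
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + key


if __name__ == "__main__":
    # Constructed placeholder modulus (exactly 1024 bits), not a real key.
    rd = build_dnskey_rdata(257, 10, 65537, b"\x80" + b"\x00" * 127)
    print(dnskey_to_presentation(rd), key_tag(rd), check_key(rd))
```

To audit a live zone, paste each line of `dig DNSKEY <zone>` output into `parse_dnskey_presentation` and hand the result to `check_key`; a key flagged as too short for algorithm 10 would pass as algorithm 8 at the same size, which is the asymmetry the post describes.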

