SSH Agent keys >4096 bit?
wk at gnupg.org
Fri May 4 12:40:53 CEST 2012
On Fri, 4 May 2012 12:07, hka at qbs.com.pl said:
> It still doesn't change the overall picture:
> 1. migrating to ECC is hard and complicated
Right, it will take years. But that is not a problem.
> 2. using 8k RSA is easy
I already told my opinion on this.
> That was written in 2003, nearly 10 years ago. They suggested using current
> day minimums when GPGPU didn't even exist and FPGAs with large memories were
> just surfacing.
A point that they don't consider is that the weakest link defines the
security of the system. They evaluate this only in terms of algorithms
but not from a software engineering POV. If you look at this this you
see that errors in the software (and hardware) are a far weaker link
than any theory on how long it will take to break a certain algorithm.
> possibly, still I'd guess that most of them are active, online attacks
We have been talking about SSH - this is online. Whether active or
passive doesn't matter. Email can also be considered online.
Backups are often offline and then you won't target the encryption but
the plaintext - having access to the hardware (which you need for
offline attacks) opens a long list of attack vectors and cryptography is
just one of them.
> but now we're in the hypothetical realm of vague possibility, such discussion
> is useless and suggest more that we "just have to throw away cryto as it's
> useless anyway" than anything else. Which, frankly, is bollocks.
Nobody said this.
> What has online/offline net connection anything to do with that? Storing
A lot. Online connections allow for active attacks on the participating
software. For off-line it is harder to mount attacks; but still
possible (cf. Stuxnet).
> have to be kept for 40 years (like I noted before). As regularly the most
> valuable information being passed over secure links are passwords and http
> cookies. Which basically never have validity of over 10 years and 1 year
Well, then I can't follow your arguments - we need 8k RSA despite that
the data needs to be protected only for a short term?
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users