Where did Trust_ go?

Nathan Kennedy blaaf at hempseed.com
Fri Apr 9 08:39:11 CEST 1999

homega at vlc.servicom.es wrote:
> Tony L. Svanstrom dixit:
> > People often get confused about this "longer keys are better, but not if
> > they're too long"-argument. The fact is that longer keys are harder to
> > crack but at the same time a shorter uncrackable key is just as secure as a
> > longer one.
> You mean longer keys should be as hard to crack as shorter ones (down to 512
> bits), JUST that they should take a bit longer, right?

No.  He means that if you want a weight too heavy to be carried off, you
can make it 500 pounds, 500,000 pounds, or 500,000,000,000 pounds (or
kilograms if you like).  A 1,024 bit DH key is about 500,000 pounds.  An
8,192 bit DH key is about 5 zillion.  Who are you trying to protect
against?  500,000,000,000 pounds is theoretically a million times "harder"
to lift than 500,000 pounds, but just as secure if nobody comes close to
even lifting 500 pounds.

> Why I generated those keys was simply because ... it was there, so let's
> have it.  I never use them since it takes far too long to sign (or encrypt)
> with them.  But W. Koch's answer made me curious about it, both because he
> said 2048bit DSA key was a strange thing, and b'c his opinion of an 8192bit
> DH key being far from reality.  I just have to take his word for it, but I
> liked to know why.

Hopefully you know why now.  Basically, unless the entire concept of DH/DSA
is subtly flawed, 1024 bits is so far out of range of the best available
techniques for discrete log (or prime factoring with RSA), that it is
inconceivable that conventional computing and mathematics will ever be able
to solve such problems in less than astronomical time (or even in
astronomical time).  Bloated keys just weigh down servers, rings, and
encryption time.

