Where did Trust_ go?

Tony L. Svanstrom tony at svanstrom.com
Thu Apr 8 21:45:43 CEST 1999


On Thu, 8 Apr 1999 homega at vlc.servicom.es wrote:

> Tony L. Svanstrom dixit:
> 
> > People often get confused about this "longer keys are better, but not if
> > they're too long"-argument. The fact is that longer keys are harder to
> > crack but at the same time a shorter uncrackable key is just as secure as a
> > longer one.
> 
> You mean longer keys should be as hard to crack as shorter ones (down to 512
> bits), JUST that they should take a bit longer, right?

Eh... hmmm... *tries to think* *tries even harder to understand*
I'm not really sure what you're trying to say, but this is how you should
look upon it:
If you want to blow up something then you won't use 20 pounds of C4 if half
a pound of dynamite will do the job.

> > If you are using software that "only" handles 1024 bit RSA then you might
> > feel as if it isn't safe simply because you see people using 2048 bit keys
> > (or even 4096 bit long keys)
> 
> Correct, the feeling is as if you were using "outdated" cryptography.
> 
> > AND... if you really were to get paranoid then you might think that the
> > "problem" on which most cryptography is based might not be a problem for
> > secret agencies and such,
> 
> Exactly!  but there's no need to get too paranoid to jump to that
> conclusion.  One thing is believing that some governments/agencies (may) know
> how to crack the code, a different thing is thinking that they might be
> interested in your private/business communications and waste the resources
> needed to break it.
> 
> Why I generated those keys was simply because ... it was there, so let's
> have it.  I never use them since it takes far too long to sign (or encrypt)
> with them.  But W. Koch's answer made me curious about it, both because he
> said 2048bit DSA key was a strange thing, and b'c his opinion of a 8192bit
> DH key being far from reality.  I just have to take his word for it, but I
> liked to know why.

Using RSA-keys that are too long to be compatible with PGP as we get it
from NetAss. (I don't really have anything against 'em, I just happen to
like that abbreviation *G*) may not be the smartest thing to do but
RSA-keys can be that long; DSS/DSA on the other hand can not be longer than
1024 without not being DSA/DSS as the standard says.


	/Tony L. Svanstrom.com






