Long Key Performance
anonymous at anonymizer.com
Fri Apr 19 23:23:01 CEST 2002
David Shaw wrote:
>On Fri, Apr 19, 2002 at 11:07:00AM -0700, Anonymous wrote:
>> It seems really weird to me that the gpg team has decided it's somehow
>> sinful for people to use long keys. If they want to, why not let
>GnuPG does let them. It asks that they consider what they are doing
>first, but then lets them do whatever they want.
Sure, but it asks in a scary way. It makes it sound like you are
about to delete your disk or something. ;-)
The alternate warning message is relatively sober and accurate. It's
easy to change. I assume nobody seriously considers this a debatable
>> 3. The key database is extremely slow. On my machine it seems to
>> search only 150 keys/second or so. It's somewhat amusing that long
>> keys are considered a serious performance problem, but retrieving keys
>> off the disk is apparently not.
>It was considered a serious performance problem. 1.0.7 has a brand
>new trust database that's extremely fast.
Okay, so you guys are awesome. That's great!
>Let's try and drag this back to what the actual problem is. You want
>GnuPG to be able to make big keys - no problem, it can. You want
>GnuPG to be able to use big keys - no problem, it can. It seems you
>just don't like the wording of the warning message.
Sorry for the confusion. I started out asking for one thing and it
morphed into another.
The warning message should be changed.
I am also arguing that the 4096 bit key limitation should be lifted.
It's okay to tell people that long keys can be slow, but they should
be allowed to try them out if they want.
More generally, I am objecting to this bad meme in the crypto
community that it's somehow distasteful for people to use
exceptionally large key sizes. Actually, we should encourage people
who make some extra effort to secure their communications.
It's also reasonable to discuss other attacks and whether the extra
cost of a large key is worth it. But, it's not reasonable to stop
people who want to use large keys from doing so.
FYI, I *am* going to get what I want. The only question is whether it
happens via gpg or something else.
More information about the Gnupg-devel