Long Key Performance

Gordon Worley redbird at rbisland.cx
Sat Apr 20 22:25:02 CEST 2002


On Saturday, April 20, 2002, at 01:37  PM, Anonymous wrote:

>> But I know that there are hundreds of far easier ways to achieve a
>> goal.  Why break the front door when you can easily walk in
>> through the unlocked back door?
>
> You are not addressing the points raised.

This is the point.  Current key lengths are long enough since making 
them much longer doesn't make much sense in cases for general users.  In 
short, until such time that other parts of your system are more secure, 
keys longer than 4096 bits don't make any sense.  In some sense, it's 
not ethical to allow users to create huge keys that won't protect them 
since, if someone wants to make an attack, they'll just pick another way 
of doing it.  If you make huge, 16 kb keys, it's easier just to brute 
force the smaller symmetric key that was actually used to encrypt the 
message.  Again, if you need more security than a general user program 
like GnuPG offers, it's time for a custom solution.

Besides, I think it's fair to expect your keys to eventually become 
obsolete.  My personal solution to this is that I have my public DSA key 
that will probably keep for 5-10+ years.  Then I have subkeys for 
encryption and signing.  If these ever get too weak, I can always revoke 
them and generate new, longer keys as necessary.  In 10 years I expect 
to probably have to get a new public key.  Yes, it will suck to have to 
regenerate my web of trust by that time, but that's one of the costs of 
upgrading keys.  And, who knows, by that time someone may have developed 
a good means of helping users transfer their webs of trust to new keys.

--
Gordon Worley                     `When I use a word,' Humpty Dumpty
http://www.rbisland.cx/            said, `it means just what I choose
redbird at rbisland.cx                it to mean--neither more nor less.'
PGP:  0xBBD3B003                                  --Lewis Carroll
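
The weakest-link argument in the message above, worked through numerically as an added example (not part of the original post or of GnuPG). It uses the standard heuristic cost of the general number field sieve with the o(1) term dropped, and assumes a 128-bit session key and that "16 kb" means a 16384-bit modulus; the function names are hypothetical.

```python
import math

# Assumptions (not stated in the post): a 128-bit session key, and
# "16 kb" read as a 16384-bit modulus.
SESSION_KEY_BITS = 128


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    c = (64/9)^(1/3), with the o(1) term dropped. A rough estimate only."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def weakest_link(modulus_bits: int, session_bits: int = SESSION_KEY_BITS):
    """Return (component, work_bits) for the cheaper of the two attacks."""
    public = gnfs_work_bits(modulus_bits)
    if public < session_bits:
        return "public key", public
    return "session key", float(session_bits)


def crossover_bits(session_bits: int = SESSION_KEY_BITS, step: int = 256) -> int:
    """Smallest modulus size (multiple of `step`) estimated to cost at least
    as much to attack as a brute-force search of the session key."""
    bits = step
    while gnfs_work_bits(bits) < session_bits:
        bits += step
    return bits


if __name__ == "__main__":
    for size in (1024, 2048, 4096, 16384):
        component, work = weakest_link(size)
        print(f"{size:>6}-bit modulus: ~2^{gnfs_work_bits(size):.0f} for the key pair, "
              f"weakest link is the {component} (~2^{work:.0f})")
    print("crossover at about", crossover_bits(), "bits")
```

Under these assumptions, every modulus size past the crossover leaves the session key as the cheaper target, so extra modulus bits add generation and processing cost without raising the overall work factor.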




