Long Key Performance
redbird at rbisland.cx
Sat Apr 20 22:25:02 CEST 2002
On Saturday, April 20, 2002, at 01:37 PM, Anonymous wrote:
>> But I know that there are hundreds of far easier ways to achieve a
>> goal. Why breaking the front door when you can easily walk in
>> through the unlocked back door.
> You are not addressing the points raised.
This is the point. Current key lengths are long enough since making
them much longer doesn't make much sense in cases for general users. In
short, until such time that other parts of your system are more secure,
keys longer than 4096 bits don't make any sense. In some sense, it's
not ethical to allow users to create huge keys that won't protect them
since, if someone wants to make an attack, they'll just pick another way
of doing it. If you make huge, 16 kb keys, it's easier just to brute
force the smaller symmetric key that was actually used to encrypt the
message. Again, if you need more security than a general user program
like GnuPG offers, it's time for a custom solution.
Besides, I think it's fair to expect your keys to eventually become
obsolete. My personal solution to this is that I have my public DSA key
that will probably keep for 5-10+ years. Then I have subkeys for
encryption and signing. If these ever get too weak, I can always revoke
them and generate new, longer keys as necessary. In 10 years I expect
to probably have to get a new public key. Yes, it will suck to have to
regenerate my web of trust by that time, but that's one of the costs of
upgrading keys. And, who knows, by that time someone may have developed
a good means of helping users transfer their webs of trust to new keys.
Gordon Worley `When I use a word,' Humpty Dumpty
http://www.rbisland.cx/ said, `it means just what I choose
redbird at rbisland.cx it to mean--neither more nor less.'
PGP: 0xBBD3B003 --Lewis Carroll
More information about the Gnupg-devel