Long Key Performance

Enzo Michelangeli em at who.net
Sun Apr 21 05:57:02 CEST 2002


I think that several people here are missing an important point: it's not
for the developer to decide what the security needs of each user may
"reasonably" be. Or inquire what their reasons are, as Justin did (is this a
sign of post-911 syndrome?).

There is a BIG difference (both philosophic and practical) between warning
someone, and making decisions on his behalf, in the assumption of knowing
better. A more useful service to the users, rather than preventing them from
using large keys, would be to document the best guesstimates of CPU power to
use and to break each link of the chain: PK with various keysizes; symmetric
cipher; RNG; hash, for signatures; platform-specific weaknesses etc. Then,
let the user decide how many CPU cycles s/he wants to burn.

Current estimates seem to assume that 256-bit ciphers like Rijndael-256 are
as hard to break as 16Kbit RSA or DH keys (and about 512-bit ECC keys); that
means that the symmetric cipher part is now massively more secure than the
PK one. It's reasonable to assume that theoretical advances will skew this
ratio further: so, why do we dismiss the idea of balancing it, especially
considering that the cipher key protects only one message, but the PK
keypair protects a large number of them?

Enzo

----- Original Message -----
From: "Gordon Worley" <redbird at rbisland.cx>
To: <gnupg-devel at gnupg.org>
Sent: Sunday, 21 April, 2002 4:13 AM
Subject: Re: Long Key Performance


>
> > ----- Original Message -----
> > From: Anonymous <anonymous at anonymizer.com>
> > To: <gnupg-devel at gnupg.org>
> > Sent: Saturday, April 20, 2002 2:28 PM
> > Subject: Re: Long Key Performance
> >
> >
> >
> >> The goal is not to be secure for the next 18 months.  The goal is to
> >> keep mail private for all time.
>
> This is a poor goal choice.  As it stands, you can't expect to make
> something secure forever.  Eventually, even if it takes 5 million years
> or more, someone will be able to simply brute force whatever security
> method you put on something.  Keeping something secure forever would
> require a whole new kind of cryptography scheme.  For now, you just have
> to decide how long you'd like to keep something secure.  Maybe for you
> that's 200 years?  For me, in most cases, it's several months to a few
> years.  You have to make this decision for yourself.  Again, if you need
> more than several years, I think it's safe to say that your security
> needs exceed those of general users and you should consider a custom
> solution.
>
> --
> Gordon Worley                     `When I use a word,' Humpty Dumpty
> http://www.rbisland.cx/            said, `it means just what I choose
> redbird at rbisland.cx                it to mean--neither more nor less.'
> PGP:  0xBBD3B003                                  --Lewis Carroll
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
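
Added example, not part of the original message or of GnuPG: a rough calculator for the symmetric/public-key balance discussed above. It assumes the General Number Field Sieve running-time heuristic with the constants used in NIST's FIPS 140-2 Implementation Guidance for RSA/DH moduli, and half the curve size for ECC; the function names and the sample configuration are constructed for illustration.

```python
import math

def rsa_strength_bits(modulus_bits: int) -> float:
    """Symmetric-equivalent strength of an RSA/DH modulus (GNFS heuristic, assumed model)."""
    ln_n = modulus_bits * math.log(2)
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)

def ecc_strength_bits(curve_bits: int) -> float:
    """Generic discrete-log attacks cost about the square root of the group order."""
    return curve_bits / 2

def balanced_modulus_bits(target_bits: float, step: int = 256) -> int:
    """Smallest modulus size (a multiple of `step`) whose estimate reaches target_bits."""
    hi = 1
    while rsa_strength_bits(hi * step) < target_bits:
        hi *= 2                      # grow until the target is bracketed
    lo = hi // 2                     # lo*step is known to be too small (or is 0)
    while hi - lo > 1:               # binary search; the estimate is monotonic
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid * step) >= target_bits:
            hi = mid
        else:
            lo = mid
    return hi * step

def weakest_link(chain: dict) -> tuple:
    """Return (component, bits) for the lowest-strength component of a configuration."""
    name = min(chain, key=chain.get)
    return name, chain[name]

if __name__ == "__main__":
    for bits in (1024, 2048, 4096, 8192, 16384):
        print(f"RSA/DH {bits:>5} bits ~ {rsa_strength_bits(bits):6.1f}-bit symmetric")
    for target in (128, 192, 256):
        print(f"{target}-bit cipher is balanced by ~{balanced_modulus_bits(target)}-bit RSA/DH"
              f" or a {2 * target}-bit curve")
    # Constructed sample configuration: a 256-bit session cipher under a 2048-bit key.
    chain = {"public key (RSA-2048)": rsa_strength_bits(2048),
             "symmetric cipher (256-bit)": 256.0,
             "hash for signatures (160-bit, collision)": 80.0}
    print("weakest link:", weakest_link(chain))
```

These are order-of-magnitude estimates of attack cost under one model, so treat differences of a few bits as noise.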
