David Shaw dshaw at jabberwocky.com
Wed Sep 27 06:57:39 CEST 2006

On Tue, Sep 26, 2006 at 07:01:30PM -0500, Robert J. Hansen wrote:
> Carlo Luciano Bianco wrote:
> > Needless to say, I completely agree with both you and Werner on this.
> > This discussion about "balancing" security is very interesting [at
> > least for me... ;-)] from a theoretical point of view. I know very
> > well that using this extra-large keys does not add any security in
> > real life. 
> There's a contrary view, which says that balancing cryptosystem
> components is an unnecessary distraction.  This contrary view says that
> each component of a system should be built to meet or exceed security
> requirements while meeting or exceeding performance and usability
> requirements.  As long as each component is in that sweet spot, then
> you're great.

Indeed.  I'm not even sure this is a "contrary" view, as it is very
compatible with the idea of balance.  There is nothing invalid about a
8192-bit RSA key making SHA-1 signatures.  It just means that the
signature has at most 80 bits of strength.  The signer could have used
a 1024-bit RSA key and gotten the same 80 bits of strength, but that
doesn't make the 8192-bit signature wrong (just large).


More information about the Gnupg-devel mailing list