key security

Steve Butler sbutler@fchn.com
Thu Apr 11 16:57:01 2002 

This is a multi-part message in MIME format.

------=_NextPart_000_1501D_01C1E12E.A42F6800
x-gfisavedcharset: iso-8859-1
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Security at which level?
 
If you are talking about the symetric cypher for each individual encryption,
then no.  The cypher is of a particular size and the size of you
public/private key doesn't affect that.
 
However, that cypher is probably more secure than your public/private key
anyway.  Breaking it only allows the hacker to read that one message.  So,
the hacher would really rather break your private key.  At that point a 2048
bit key provides more security than a 1024 bit key (provided both are picked
from an appropriately random pool of available numbers).
 
That said, it may be easier to go after your pass phrase than to break the
private key directly.  So, if you use the same level of pass phrase (length,
pool of characters, etc) then the security at this point doesn't change.  
 
My guess is that the pass phrase is the least secure link in this chain.
Where do chains break?
 
--Steve
 
-----Original Message-----
From: Jaya Christina [mailto:jayachristina@hotmail.com]
Sent: Thursday, April 11, 2002 12:58 AM
To: gnupg-users@gnupg.org
Subject: key security


Hi all,
 
Will using a 2048  bit key offer more security than a 1024 bit key.. or is
it not going to make any difference??
 
Jaya


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.


------=_NextPart_000_1501D_01C1E12E.A42F6800
x-gfisavedcharset: iso-8859-1
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<META content="MSHTML 5.00.2920.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002>Security at which level?</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=228285114-11042002>If you 
are talking about the symetric cypher for each individual encryption, then 
no.&nbsp; The cypher is of a particular size and the size of you public/private 
key doesn't affect that.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002>However, that cypher is probably more secure than your 
public/private key anyway.&nbsp; Breaking it only allows the hacker to read that 
one message.&nbsp; So, the hacher would really rather break your private 
key.&nbsp; At that point a 2048 bit key provides more security than a 1024 bit 
key (provided both are picked from an appropriately random pool of available 
numbers).</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=228285114-11042002>That 
said, it may be easier to go after your pass phrase than to break the private 
key directly.&nbsp; So, if you use the same level of pass phrase (length, pool 
of characters, etc) then the security at this point doesn't change.&nbsp; 
</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=228285114-11042002>My 
guess is that the pass phrase is the least secure link in this chain.&nbsp; 
Where do chains break?</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002>--Steve</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN 
class=228285114-11042002></SPAN></FONT>&nbsp;</DIV>
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma 
size=2>-----Original Message-----<BR><B>From:</B> Jaya Christina 
[mailto:jayachristina@hotmail.com]<BR><B>Sent:</B> Thursday, April 11, 2002 
12:58 AM<BR><B>To:</B> gnupg-users@gnupg.org<BR><B>Subject:</B> key 
security<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Hi all,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Will using a 2048&nbsp; bit key offer more security 
than a 1024 bit key.. or is it not going to make any difference??</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Jaya</FONT></DIV></BODY></HTML>
<HTML><BODY><P><FONT color=#000000 face="Arial" size=2>CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.<BR></FONT></BODY></HTML>
------=_NextPart_000_1501D_01C1E12E.A42F6800--