How secure is GnuPG

Brian M. Carlson karlsson@hal-pc.org
Tue Jul 23 22:33:02 2002


On Tue, Jul 23, 2002 at 03:30:23PM -0400, Daniel Carrera wrote:
>
> Thanks for the help.  I have a few more questions.
>
> > In any event, it is perfectly reasonable to make 2048 bit (or larger)
> > RSA keys if you prefer.
>
> Is there any drawback to using a 2048 bit key?  I know that it'll take
> longer to make the key the first time, but I don't care.  That's a
> one-time thing.
>
> I figure that there must be some sort of tradeoff other than the original
> key generation.  Otherwise everyone would be using a 4096 bit key.
>
>
> > It means you need to upgrade :)  GnuPG 1.0.7 includes RSA key generation.
>
> Is it actually important to upgrade?
> Is it difficult to upgrade?  I mean, will my current public and private
> key rings still work?  Will they have to be "translated" to RSA?

Yes. No, all you have to do is either install the package or build it.
Yes. No. RSA is an algorithm. If you want an RSA key, you'll have to
generate one. GnuPG has always (well, at least as far as I've used it)
supported RSA keys. Your key rings will be converted into a different
format, but that is only because of changes in the way GnuPG 1.0.7 stores
keys, not algorithm changes.

> > > Am I safe with my 1024 bit ElGamal key?
> >
> > Depends who your attacker is.  Unless you're concerned about a large
> > government, then probably it is.
>
> Well, if there is no loss, I can just be a little paranoid and go for an
> unbreakable key.
>
> I kind of like the idea of having a key that is beyond human technology to
> break.  Would a 2048 bit key be beyond our technology to factor?

Probably so. I have 3 keys: a 2048 bit RSA v3 (old style) key, a 1024
bit DSA v4 key with a 4096 bit v4 Elgamal subkey, and a plain 4096 bit
Elgamal v4 key. I'd go for 4096, but that's just me. Really, as David
said, it depends on who your attacker is. If you're trying to keep data
away from the NSA (or the equivalent thereof in Canada), then larger is
much much better. Otherwise, yes, you can settle for 2048.

> Also, how complex should my passphrase be?
> I chose my passphrase so that guessing it would be roughly equal to
> guessing a 128-bit key.  I figure that any more would be overkill because
> it'd be easier to crack the 128-bit key, and any less would compromise the
> security of the 128-bit key.
> Am I right?

Yes, but most people don't have passphrases that are that long.
Something you should remember is that statistically, in English, each
letter has about 1.3 bits of entropy. Therefore, you need a 98/99
character passphrase.

One way to generate a suitable passphrase is (this will only work on
Unices):
dd if=/dev/random count=1 bs=16 | mimencode -b

All you have to do is memorize it. I don't even think the == is
necessary.

-- 
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553E7
The more you sweat in peace, the less you bleed in war.
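
The passphrase arithmetic and the padding remark in the message above, as an added example that is not part of the original post: it computes how many characters a 128-bit target needs at a given entropy per character, generates a 16-byte base64 passphrase, and shows that dropping the trailing "==" loses none of the random bytes. The function names are illustrative, base64(1) and /dev/urandom stand in for the post's mimencode and /dev/random, and SAMPLE is a constructed value.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Assumption: base64(1) and /dev/urandom replace mimencode and /dev/random.

# Characters needed to reach TARGET bits at BITS_PER_CHAR bits each, rounded up.
chars_needed() {
    awk -v t="$1" -v b="$2" 'BEGIN { n = int(t / b); if (n * b < t) n++; print n }'
}

# 16 random bytes (128 bits) as base64: 24 characters, the last two are "==".
gen_passphrase() {
    head -c 16 /dev/urandom | base64
}

# Drop the "=" padding. It is determined by the input length alone,
# so it adds nothing an attacker has to guess.
strip_padding() {
    printf '%s' "$1" | tr -d '=\n'
}

# Re-pad to a multiple of 4 characters and decode to hex, to show that the
# original bytes are fully recoverable from the unpadded string.
decode_hex() {
    s=$1
    while [ $(( ${#s} % 4 )) -ne 0 ]; do s="${s}="; done
    printf '%s' "$s" | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

# Constructed sample: base64 of the 16 bytes 00 01 02 ... 0f.
SAMPLE='AAECAwQFBgcICQoLDA0ODw=='

# Demo when run as a script.
echo "English text at 1.3 bits/char: $(chars_needed 128 1.3) characters"
echo "base64 at 6 bits/char:         $(chars_needed 128 6) characters"
echo "random passphrase:             $(strip_padding "$(gen_passphrase)")"
echo "sample decodes to:             $(decode_hex "$(strip_padding "$SAMPLE")")"
```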
