Multiple encryption subkeys
Adrian 'Dagurashibanipal' von Bidder
avbidder@fortytwo.ch
Tue Apr 29 21:10:02 2003
On Tuesday 29 April 2003 19:15, Dennis Lambe Jr. wrote:
[multiple subkeys with various strengths]
> 1) Is this a worthwhile endeavor, cryptographically speaking? That is
> to say, am I justified in wanting to do this, or is there something I've
> overlooked that makes this a bad or useless application of subkeys?
I guess the idea is not bad. However, you'd have to match the strength of the
public key encryption to the strength of the underlying block cipher - I
don't have data on this, but when you use a 128-bit block cipher with a 2048
public key, the block cipher is much easier to break, so with going to
4096-bit public key you don't gain anything.
If you want to do this really seriously, you'll need to read up on the current
best known attacks on the various block ciphers and the public key algorithms
and make sure that you really gain security by using a stronger public key.
> 4) A lot of messages I read from 2002 and earlier this year suggest that
> many keyservers are still having difficulty with multiple subkeys. Is
> this still the case, or have there been recent positive developments in
> that area? What's the official gnupg-users party line on the use of
> keyservers with multiple subkeys? Is it still "use kjsl.com and pray"?
Yes, this still is mostly the case. One or two of the pksd keyservers and the
keyservers running sks don't have the subkey problem, and gnupg 1.2.1 has
logic to recover as far as possible when it receives a broken key. Problem
with the pksd keyservers is that Jason Harris still thinks that his patch is
not as perfect as it should be and therefore has not released it yet.
cheers
-- vbi
-- 
OpenPGP encrypted mail welcome - my key: http://fortytwo.ch/gpg/92082481
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d