RSA 1024 ridiculous

David Shaw dshaw at jabberwocky.com
Sun Jun 17 20:48:03 CEST 2007


On Sun, Jun 17, 2007 at 01:20:17PM -0500, Andrew Berg wrote:
> Robert Hübener wrote:
> > Andrew Berg wrote:
> >> Try signing/encrypting files that are tens, hundreds, or
> >> thousands of megabytes in size. Sure, your average machine can
> >> sign/encrypt messages that don't even fill a cluster without
> >> breaking a sweat, but if the sensitive data is large, RSA-4096
> >> isn't a good choice unless a gov't agency wants that data.
> > The work for the RSA-part of the algorithm is always the same: It
> > only has to process either the hash of the message/file or the key
> > for the symmetric cipher.
> I don't completely understand. Does this mean that
> encryption/signature time is only dependent on the hash, and that RSA
> key size doesn't matter in this regard?

Not exactly.  There are two main costs when signing a file.  The first
is the cost to hash the file, which is dependent on the size of the
file and the chosen hash algorithm.  The other cost is the signing algorithm.
Since the data signed in a signature is the hash output, and since
hashes are generally tiny relative to the size of the file, this is
really the cost of the signing algorithm itself (the biggest hash
algorithm supported by GnuPG is SHA-512, and that's only 64 bytes
long).

David



More information about the Gnupg-users mailing list
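The two-cost model above, as an added example that is not part of the original thread and not GnuPG's own code. It uses only the Python standard library: SHA-512 from hashlib, and textbook RSA (no PKCS#1 padding, which GnuPG does apply) built from Miller-Rabin-tested primes. The function names, the key generation, and the constructed random inputs in `cost_profile` are this example's assumptions. It separates the time spent hashing (grows with the input) from the time spent in the RSA private-key operation (sees only the 64-byte digest, so it is flat across input sizes).

```python
import hashlib
import os
import secrets
import time

# Small primes for a quick trial-division filter before Miller-Rabin.
_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test (enough for a demonstration key)."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set, so p*q lands near 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_key(bits=1024, e=65537):
    """Textbook RSA key (n, e, d).  `bits` must exceed 512 so that the SHA-512
    digest, read as an integer, is smaller than the modulus (example assumption)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return p * q, e, pow(e, -1, phi)               # Python 3.8+ modular inverse


def digest(data):
    """The only thing the RSA step ever sees: 64 bytes, whatever len(data) is."""
    return hashlib.sha512(data).digest()


def sign(key, data):
    n, _e, d = key
    return pow(int.from_bytes(digest(data), "big"), d, n)


def verify(key, data, sig):
    n, e, _d = key
    return pow(sig, e, n) == int.from_bytes(digest(data), "big")


def cost_profile(key, sizes=(1 << 10, 1 << 20, 1 << 24)):
    """Time the two costs separately over constructed random inputs of each
    size.  hash_s grows with the input; rsa_s does not, since its input is
    the fixed-length digest."""
    rows = []
    for size in sizes:
        data = os.urandom(size)                     # constructed sample input
        t0 = time.perf_counter()
        h = digest(data)
        t1 = time.perf_counter()
        sig = pow(int.from_bytes(h, "big"), key[2], key[0])
        t2 = time.perf_counter()
        rows.append({"size": size, "digest_bytes": len(h),
                     "hash_s": t1 - t0, "rsa_s": t2 - t1,
                     "ok": verify(key, data, sig)})
    return rows


if __name__ == "__main__":
    key = generate_key(1024)
    for row in cost_profile(key):
        print("{size:>10} bytes  digest {digest_bytes} B  "
              "hash {hash_s:.4f}s  rsa {rsa_s:.4f}s  verify={ok}".format(**row))
```

Running it shows the hash column scaling with the file while the rsa column stays put. Passing `generate_key(4096)` (noticeably slower to generate with this toy prime search) makes the RSA column larger, since the private-key exponentiation grows with the modulus, but it is still the same number for a 1 KiB file and a 16 MiB one; only the hashing cost tracks file size. The unpadded signature here is for illustrating the cost split only; a real OpenPGP signature pads the DigestInfo-encoded hash (PKCS#1 v1.5) before the exponentiation.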