RSA 4096 ridiculous? (was RSA 1024 ridiculous)

Henry Hertz Hobbit hhhobbit at securemecca.net
Wed Jun 20 17:28:26 CEST 2007 

Snoken wrote:
> Hi,
> Interoperability with PGP 8 matters too.
> Signatures made with RSA 4096-keys (or shorter) and SHA256 can be
> verified by users of PGP 8.
> N.B. Not any other new hashes!
> Please note the option: --pgp8
> Snoken

What I was trying to do was bring a real world perspective to
this question. Are you using PGP 8?  Do you know anybody who
is using PGP 8?

http://www.pgpi.org
http://www.pgpi.org/news/#20021203
(personally, I think they should close the web pages down,
 I get all the history I need on the History channel on TV)

Since PGP 8 was released in December 2002 and nothing has been
done with it for 4-1/2 years now, it is getting pretty long in
tooth.  PGP Corporation is up to at least PGP 10.x the last time
I checked (last year).  I would advise people using software that
is that old (PGP 8) to update to newer stuff. Whether they drag
the keys they created with PGP 8 along with them is up to them.
I haven't had any problems with building GnuPG 1.4.x for either
FreeBSD or OpenBSD. It of course works with all versions of
Linux, Mac OS X, and Windows. I won't discuss the GnuPG 2.0.X
line since it hasn't been built for Windows yet.  Most of the
people using my SIGS to verify that what I have provided is
kosher will be using Microsoft Windows. They will outnumber
Linux users by a factor of at least 4:1.  They will also take
the GnuPG defaults (with a key that lasts forever - how
optimistic). There will be a smattering of Mac and other OS
users.  But they will *ALL* be working from a desktop system.
They may have a PDA, but that is a secondary platform for them.

Werner cautioned that a key size this large (4096R) causes
severe problems with PDAs with limited CPU power and a large
number of signatures on each key. I have absolutely no reason
to doubt his statements and accept them as true.  I don't see
my keys being used with either of those constraints.  What I
am providing is for end user desktop systems and I cannot
foresee these keys which will be part of the WOT as having more
than just a few sigs. Most of the people using what I am
providing have even more powerful machines than I have. You see,
I gave you the actual stuff that is going to be signed - a
blocking hosts file and PAC filter that blocks broad swaths of
the Internet. I am still working on the Ad filtering stuff.
Most web sites that can detect AdBlock Plus in Firefox still
can't detect the presence of a PAC filter. These keys are NOT
the keys that are used with this email account (still 1024 bit
DSA for at least a year and I see no valid reason to change
it - it works well).

Caution and experience teaches me that you never know for
sure how something will end up being used.  Just because it
is technically feasible to use a 4096 bit RSA key doesn't
mean it is the optimal choice.  Each person's choice has to
be tailored to how they and *OTHERS* will use that key. Keep
the *OTHERS* in mind when you make your choices. We have
already established that 1024 bit RSA keys still have a few years
of TECHNICAL life left in them (which should also hold true for
DSA keys as well).  But CPUs just keep getting faster (even on
PDAs - where did the Hobbit chip go?), and I don't foresee anybody
using my keys on a PDA.  If they do, at least they won't have a
lot of sigs on that particular key.  I worked on the nascent PDAs
with the PenPoint OS. The hand writing recognition I worked on
was infinitely superior to what exists now if you ask me. But
for the life of me I can't understand somebody using these keys
on that limited of a platform.  If they do, it will only be for
one or two questions to me and answers from me and after that
they will just delete my key on their PDA.  That has been my
experience up to now and I see no reason for it to change. In
other words, I don't foresee anybody other than desktop platform
users who will be using this key (it does NOT replace my present
key). But that sig will be infinitely better than a check sum
that anybody can change. At this point I am still leaning toward
the maximum which may be seen as a minimum eight years from now.
I am always looking toward the future.  I also want something
that people can't even question from a technical perspective.
Keep that last statement in mind. If I have to, I will remove
keys entirely (secure remove written by myself) for tricky
operations with bad hosts on the Internet And don't think for
one minute that Linux systems are secure from all Internet
attacks - THEY ARE NOT SECURE FROM ALL OF THEM!  That holds
for Mac OS-X and *BSD as well.

HHH
-- 
Why hack in when you can drive in on Hwys. 80, 110, 194, 220, 443, 993,
994 & 995?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070620/9e8883cf/attachment.pgp

More information about the Gnupg-users mailing list