Linux crypto killer apllication

Robert J. Hansen rjh at sixdemonbag.org
Thu May 15 17:54:21 CEST 2008 

> Exactly what question am I begging?

The reasonableness of the choice to protect a secret for the rest of
one's life.

> I think it is reasonable to assume that people often have secrets
> that they want to take to their grave (at least).

I'd like to see some proof offered for this assertion, since it seems
quite broad and far-reaching.

> Everything I have read suggests that RSA 8192 will be broken within
> (some of) our lifetimes, so RSA 8192 or less is not enough.

Your crystal ball is a lot clearer than mine is, apparently.

If we're able to ever break large (>2kbit) RSA keys, it will only be
possible by either (a) advances in computational technology so vast they
are indistinguishable from magic, or (b) advances in mathematics so vast
they are indistinguishable from magic.

Look at Ron Rivest's original (1970s) estimates for how long it would
take to break RSA512.  Just thirty years later, those estimates were
overtaken by reality and technologies that in the 1970s would have been
considered magical.

> Modern computers can handle RSA 16,384 without too much difficulty

My cellphone is a modern computer, and it disagrees with you.  I imagine
the time to verify would be measured in minutes, not instants.

I also often have to take my cellphone onto 2.5G networks where the
total data rate is about 10kb/sec.  A 16kbit key would thus add
substantially to the delay in receiving my email.

> Even if it was impractical, there are other algorithms (ignored by
> gnupg) that are more efficient to use.

Not ignored, simply not implemented.  The OpenPGP WG is, right now,
discussing how to best add ECC to OpenPGP.

> I don't really see what sacrifices would have to be made, especially
> in terms of implementing gnupg.

That may be a sign you should think more about the problem domain.

> At what point should we quit trying then? Now?

Yes.

You cannot keep data secret forever.  Anyone who is storing secret data
needs to have disclosure plans -- what to do when, not if, those secrets
come to light.

A good set of contingency plans will do you worlds more good than
tacking a few bits onto your key.

More information about the Gnupg-users mailing list