Safety of the key and it's length

David Shaw dshaw at jabberwocky.com
Mon Jan 26 17:31:16 CET 2009


On Mon, Jan 26, 2009 at 10:06:45AM -0500, James P. Howard, II wrote:
> On Jan 26, 2009, at 10:01 AM, Robert J. Hansen wrote:
>
>> Even a small key, 1024 bits, is probably much more secure than you  
>> are.
>> If your traffic is encrypted with even a 1k key, the likelihood of
>> someone attacking your traffic cryptanalytically is about zero.   
>> They'll
>> decide to try other means instead.
>>
>> It's best not to obsess over key size.  Larger is not better, but it's
>> not as if it hurts you, either.
>
> There are some ancient keys out there which are 512 bits (and I think  
> I've seen smaller).  Are these likely still secure enough to use?

It depends on who you need it to be secure against.  If we're talking
about protecting something from your roommate, then yes.  If we're
talking about protecting something from even a moderately funded
attacker, then no.

By way of example, a 512-bit number was factored way back in 1999.  It
took 5 months on around 300 machines running at 200-600 Mhz.  Today,
10 years later, I can buy multicore processors running at 3Ghz at the
office supply store down the street.  It would be interesting to see
how long such a job would take nowadays: even if we account for the
vast increase in computer performance, and the vast reduction in cost,
we also know more about how to attack the problem than we did 10 years
ago.

David



More information about the Gnupg-users mailing list