multiple subkeys and key transition

Faramir at
Fri Dec 10 03:21:20 CET 2010

Hash: SHA256

El 09-12-2010 16:17, Robert J. Hansen escribió:
> It is unlikely it ever will.  3K RSA keys are believed to be equivalent
> to a 128-bit symmetric key.  If computational power ever develops to
> that point, the solution is going to involve moving to entirely
> different algorithms instead of just tacking on another couple of bits.

  I might be wrong, but I remember Bruce Schneier used thermodynamic to
show it is not feasible to brute-force a 256 bits key, because the
energy required to do it would be too much (like all the energy
generated by the sun for several years, or something like that), even
considering the computer used is fast enough, and doesn't lose energy as
heat. It was somewhere in "Applied Cryptography, 2nd Ed." (search by
"Thermodynamic Limitations" title). But of course, a flaw in AES would
be a very different problem.

  Now, I'm not advocating for the usage of 32,768-bit RSA keys (nor
tweaking GnuPG to allow 8,192-bit keys), but I was thinking... What is
the key length of the OpenPGP implementation of Twofish? (I put Twofish
as an example, because of the for-now-useless flaws in AES 256). If it
is 256 bits, and provided the algorithm doesn't have flaws (or given it
doesn't get as much attention as AES, the flaws remain undiscovered), we
would already have "the ultimate symmetric algo" available, so we might
want to use the strongest asymmetric size currently available.

  And a question: does the computation power required to factor RSA keys
increase in lineal or more-than-lineal way?

  Best Regards
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list