how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]
Chris Knadle
Chris.Knadle at coredump.us
Tue Sep 28 14:07:32 CEST 2010
On Monday 27 September 2010 15:51:10 Jameson Rollins wrote:
> On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer
> <mlisten at hammernoch.net> wrote:
> > Ack. 1.5 seconds is about the limit where a good GUI should issue a
> > reaction. This is where the human mind is starting to think there's
> > something wrong.
>
> We should be careful not to overstate the impatience of users too much.
> I've seen plenty of people wait many seconds for google maps to load on
> phones without giving up on the whole process. I also have an extremely
> slow machine where I routinely have to wait a long time (many seconds)
> for certain operations to complete. It's certainly not ideal, but I
> don't give up on those operations just because they take a little
> longer. I get used to it and figure out ways to deal.
>
> I'm not saying we shouldn't care about operations taking a noticeable
> amount of time, but I wouldn't state out-right that users will revolt
> and refuse to do something just because it takes more than a second.
>
> jamie.

There are GUI operations that can routinely take several seconds to complete,
such as sending an email via authenticated SMTP over TLS, opening an .ogv
file, converting a document to a .PDF, adding a picture to a big presentation,
etc. My personal threshold before I think something is wrong is somewhere
between 3-4 seconds for when I don't know something is computationally
expensive.

Encryption using a 4096-bit key is something I /expect/ is computationally
expensive, so if there's a few second delay there I wouldn't personally be
worried about it. In fact if I was using old or slow hardware and it only
took a couple of seconds to complete, I'd be pleased it was that fast. I'm
personally pleased at the performance I get from 4096R key encryption.

It's a good thing for speed to be considered nonetheless, but there's also only
so much that can be done about it. There are organizations that have deemed
1024-bit DSA keys not to be secure enough [due to SHA-1 collisions], and some
have stated in this thread that encryption using 2048-bit and 4096-bit keys
"takes too long". To reconcile this, there are basically two choices in my
mind: A) grow patience, or B) tolerate being less secure... because I don't
think there's going to suddenly be a wild advance in code efficiency.

-- Chris
--
Chris Knadle
Chris.Knadle at coredump.us