4096 bit keys

John Clizbe JPClizbe at tx.rr.com
Wed Mar 23 03:33:54 CET 2011


Jerome Baum wrote:
> Grant Olson <kgo at grant-olson.net> writes:
> 
>> On 03/22/2011 06:06 PM, Jonathan Ely wrote:
>>> I really wish 8192 would become available. Not that it would be the end
>>> all/be all of key security but according to your theory it sounds much
>>> more difficult to crack.
>>> 
>>
>> The actual cutting edge solution is to move from RSA to ECC.  Even a
>> 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
>> SECRET materials, but ECC-521 is.
> 
> Isn't ECDSA really vulnerable  to reused and predictable signature seeds
> (don't know what they're called, I'm talking about "k")?

Depends more on the quality of your PRNG.

>> ECC actually is up-and-running in the beta for gpg 2.1, but
>> realistically it'll be (at least) a few years before it gets mainstream
>> adoption.

Could be in OpenPGP later this year. Camellia was fairly fast.

As I recall, there is some coordination among the OpenPGP ECC author and the
maintainers of other FOSS crypto software so they implement things in a
compatible manner. I believe they may be waiting for a SHA-3 algorithm to be
picked. It was discussed on the IETF-OpenPGP list late last year.

> 
> You loose any interoperability as  it's not OpenPGP, right? It certainly
> isn't in the commercial PGP. 

"It certainly isn't in the commercial PGP." Not Yet, although as Rob said, I'd
be surprised if PGP (symantec) didn't already have an ECC-enabled branch waiting
to release once the ECC OpenPGP Draft is adopted. Two reasons:

  1) One of the main initiatives of Suite B is the use of COTS,
     and the USG represents a VERY large market for PGP.

  2) The ECC-OpenPGP draft itself. Andrey Jivsov, the author,
     is with Symantec Corp (read PGP Corp).
     https://sites.google.com/site/brainhub/draft-jivsov-openpgp-ecc-07.txt

-- 
John P. Clizbe                      Inet:   John (a) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 886 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110322/12fc0f64/attachment.pgp>


More information about the Gnupg-users mailing list