SSH Agent keys >4096 bit?

Kristian Fiskerstrand kf at sumptuouscapital.com
Thu May 3 21:24:18 CEST 2012



On 03.05.2012 21:09, Robert J. Hansen wrote:
> On 05/03/2012 01:14 PM, Ali Lown wrote:
>> Does anyone know why the limit is set at 4096 bits
> 
> The consensus of the cryptographic community is that beyond 3K keys
> you really need to be switching to elliptical-curve cryptography.
> A 3K RSA or Elgamal key is roughly as difficult to break by
> brute-force as AES128, and that one's so hard that nobody with two
> brain cells to rub together is going to try it.
> 
> Although I am not a GnuPG developer, I have never heard anything
> from the core devs which would make me think they are planning on
> revisiting this limit to allow for extraordinarily large keys.

Although GnuPG won't allow generation of keys larger than 4096 bits
without some hacking, it will actually import and use such keys without
any modifications being needed (you could try importing e.g. [1] from
[2]). So in that sense there seems to be some difference from the
reported behavior of ssh-agent.

Now, whether such a large key is really useful, that is indeed another
question.

[1] https://www.kfwebs.net/pgp/pubkey-large.txt
[2] http://www.kfwebs.net/news/603/15360-bit-OpenPGP-key

-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
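The key sizes mentioned in this thread (3K, 4096 and the 15360-bit key linked as [2]) can be compared with a rough strength estimate. This is an added example, not part of the original message and not GnuPG code; it assumes the commonly quoted approximation based on the asymptotic cost of the general number field sieve, and the function names are illustrative.

```python
import math

# Assumption: strength is estimated from the asymptotic GNFS cost
# exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) with c = (64/9)^(1/3) ~= 1.923.
# The 4.69 offset is the calibration term used in the commonly quoted
# form of this estimate. The result is an approximation, not a proof.
GNFS_CONSTANT = 1.923
CALIBRATION_OFFSET = 4.69


def rsa_strength_bits(modulus_bits):
    """Estimated symmetric-equivalent strength (bits) of an RSA modulus."""
    ln_n = modulus_bits * math.log(2)  # natural log of a modulus this large
    work_nats = (GNFS_CONSTANT * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
                 - CALIBRATION_OFFSET)
    return work_nats / math.log(2)     # convert from nats to bits


def modulus_bits_for(target_bits, step=1024):
    """Smallest modulus size (a multiple of `step`) reaching target_bits."""
    size = step
    while rsa_strength_bits(size) < target_bits:
        size += step
    return size


def report(sizes=(2048, 3072, 4096, 8192, 15360)):
    """Rows of (modulus bits, estimated strength, gain per extra 1024 bits)."""
    rows = []
    prev_bits, prev_strength = None, None
    for bits in sizes:
        strength = rsa_strength_bits(bits)
        if prev_bits is None:
            gain = None
        else:
            gain = (strength - prev_strength) / ((bits - prev_bits) / 1024)
        rows.append((bits, strength, gain))
        prev_bits, prev_strength = bits, strength
    return rows


if __name__ == "__main__":
    print(f"{'modulus':>8} {'strength':>9} {'gain/1024 bits':>15}")
    for bits, strength, gain in report():
        gain_text = "-" if gain is None else f"{gain:.1f}"
        print(f"{bits:>8} {strength:>9.1f} {gain_text:>15}")
```

The last column shrinks as the modulus grows, which is the diminishing return behind the advice to move to elliptic curves instead of ever larger RSA keys.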
