SSH Agent keys >4096 bit?

Werner Koch wk at
Fri May 4 12:40:53 CEST 2012

On Fri,  4 May 2012 12:07, hka at said:

> It still doesn't change the overall picture:
> 1. migrating to ECC is hard and complicated

Right, it will take years.  But that is not a problem.

> 2. using 8k RSA is easy

I already told my opinion on this.

> That was written in 2003, nearly 10 years ago. They suggested using current
> day minimums when GPGPU didn't even exist and FPGAs with large memories were
> just surfacing.

A point that they don't consider is that the weakest link defines the
security of the system.  They evaluate this only in terms of algorithms
but not from a software engineering POV.  If you look at it from that
angle you see that errors in the software (and hardware) are a far weaker
link than any theory on how long it will take to break a certain algorithm.

> possibly, still I'd guess that most of them are active, online attacks

We have been talking about SSH - this is online.  Whether active or
passive doesn't matter.  Email can also be considered online.

Backups are often offline and then you won't target the encryption but
the plaintext - having access to the hardware (which you need for
offline attacks) opens a long list of attack vectors and cryptography is
just one of them.

> but now we're in the hypothetical realm of vague possibility, such discussion
> is useless and suggests more that we "just have to throw away crypto as it's
> useless anyway" than anything else. Which, frankly, is bollocks.

Nobody said this.

> What has online/offline net connection anything to do with that? Storing 

A lot.  Online connections allow for active attacks on the participating
software.  For off-line it is harder to mount attacks; but still
possible (cf. Stuxnet).

> have to be kept for 40 years (like I noted before). As regularly the most
> valuable information being passed over secure links are passwords and http
> cookies. Which basically never have validity of over 10 years and 1 year
> respectively.

Well, then I can't follow your arguments - we need 8k RSA even though
the data needs to be protected only for a short term?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.