SSH Agent keys >4096 bit?

Milo gnupg at oneiroi.net
Fri May 4 16:17:59 CEST 2012


Hello Robert, Hello all.

On 05/04/2012 02:40 PM, Robert J. Hansen wrote:
> On 05/04/2012 06:07 AM, Hubert Kario wrote:
>> It still doesn't change the overall picture:
>> 1. migrating to ECC is hard and complicated
>> 2. using 8k RSA is easy
> 
> Nor does it change
> 
> 3. using 8K RSA gives a modest increase to an already formidable
>    margin of security
> 
> Breaking a 128-bit keyspace is hard.  Like, really, really hard.  The
> power analysis on that one is eye-popping: to break a 128-bit keyspace
> in anything approaching a reasonable length of time requires an energy
> output on the level of a hypernova.  If you want to break a 128-bit
> keyspace, please do it in a galaxy far, far away.  So why do we need to
> increase a 128-bit keyspace (RSA-3K) to a 192-bit-plus-a-small-amount
> keyspace (RSA-8K)?

Well, many expect the rise of quantum computing during the lives of most
of us. This can trash most (if not all) asymmetric algorithms (Shor's
algorithm) and reduce the strength of symmetric ciphers by half (with,
for example, Grover's algorithm).

Besides this, consider the widespread usage of 256-bit symmetric ciphers.
If the things you are writing are the whole truth behind key length
security, we are dealing with a huge, mass overkill or perhaps even a
scam. But I think we aren't.

> The obvious response is "to defend against enhanced attacks against RSA,
> such as quantum computing and Shor's Algorithm."  But that's just crazy.
>  Shor's Algorithm requires 2N qubits to break an N-bit key.  Right now
> we've got quantum computers that have, what, eight qubits?  Any RSA
> modulus smaller than sixteen is in trouble now, let me tell you.
> 
> An effective quantum computer with the 6144 qubits required to break a
> 3072-bit RSA key is straight out of science fiction.  This quantum
> computer would be more powerful than any conventional computer could
> ever be: a conventional computer would require 10**1850 bytes of storage
> -- and no, that is not a typo -- to compete against it: that should give
> you a sense of the outrageous scale involved.  There is no other way to
> describe this than science fiction.

Just like modern cellphones' CPU/GPUs are s-f from the Apollo mission
engineers' perspective, just like "640K ought to be enough for anybody"
and like a 32-bit address space for the IP protocol is more than enough.
History shows quite clearly that such speculations, despite the often
high competencies of their authors, are missed.

> If you want to defend against science fiction, well, go right ahead.
> But I think you should also defend against other sorts of fiction, and I
> look forward to hearing how your security model will incorporate G.I.
> Joe to fight off the hordes of blue-suited terrorists sent by Cobra
> Commander.
>
> And yes, I really do believe that worrying about the development of
> large-scale quantum computers is on the same level of seriousness as
> worrying about Cobra Commander.

"Believe" is a good term when talking about aesthetics, for example. This
isn't the same as being convinced about the proper approach to technical
problems.

If you have a proper background in genetics, a fresh stream of
information from covert labs, bio black markets (is there such a thing
anyway?), it's worth taking your opinion into account.

Please try to avoid the comedic undertone in your statements and
comparisons if you want to keep the discussion's level sane.

>> What has online/offline net connection anything to do with that? Storing 
>> acquired information for 20 years is nothing extraordinary as far as 
>> intelligence agencies and highly motivated individuals are concerned.
> 
> How many petabytes are sent across the wire each day?  Do you really
> think people will be storing all of today's traffic for twenty years,
> just so some analyst not even born yet will someday be able to say,
> "wow, I really want to see what's in this random guy's porn stash!"?

Yeah, then leave your home open because "Wow, who wants to check every
door in the world? So many of them".

Yeah, let's drop all the crypto (encryption) for common folk because
<put your arguments from above here>.

> If you have reason to believe you're a person of such interest to such
> professionals as would be likely to monitor and store your
> communications for twenty years, here's the only effective way to secure
> your communications: stop using any technology more sophisticated than a
> frying pan.
> 
> bin Laden didn't keep his communications secure by using large RSA keys.
>  He kept his communications secure by abandoning technology and using
> cut-outs to do his online transactions for him, and making them travel
> hundreds of kilometers away from Abbottabad before checking into an
> internet cafe to send his traffic.

And this isn't proof of anything (especially as the guy is down now). At
best this can be an interesting case study. If someone was never caught
driving without a driving license (where this is forbidden), this
doesn't mean that it doesn't make sense to have such a license. This
is a common trap - you think it's not worth investing your time and
effort (if any) in some kind of approach/tools/procedures because you
believe there will be no incident in which they'll provide you protection.

Giving users an easier-than-hacking-through-sources way of setting a
bigger key size isn't a crime.

I think I should give Werner a much faster phone now ;) (on my own, using
an 8192-bit RSA key takes about 2-4 seconds to successfully auth; the
phone was made in 2010 and is simply an _average_ smartphone)

-- 
Kind regards,
Milo
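
The key-size arithmetic debated in this thread, as an added Python example that is not part of the original post. It estimates classical factoring cost with the standard GNFS heuristic complexity (o(1) term dropped, so absolute figures run somewhat above the 128-bit and 192-bit equivalents quoted above) and applies the thread's own 2N-qubit figure for Shor and the halving for Grover; all function names are illustrative.

```python
import math

def gnfs_bits(modulus_bits):
    """Heuristic GNFS work factor, in bits, for factoring an RSA modulus.

    Uses L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped (an assumption),
    so it is a relative yardstick rather than a calibrated security level.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)

def shor_qubits(modulus_bits):
    # Figure used in the thread: 2N qubits to attack an N-bit key.
    return 2 * modulus_bits

def statevector_log10(qubits):
    # A classical simulation of q qubits tracks 2**q amplitudes;
    # return the base-10 exponent of that count.
    return qubits * math.log10(2)

def grover_bits(key_bits):
    # Grover's search halves the effective strength of a symmetric key.
    return key_bits // 2

def report(rsa_sizes=(3072, 4096, 8192), sym_sizes=(128, 256)):
    """Return (rsa_rows, sym_rows) for the key sizes under discussion."""
    rsa_rows = []
    for n in rsa_sizes:
        q = shor_qubits(n)
        rsa_rows.append((n, round(gnfs_bits(n)), q, round(statevector_log10(q))))
    sym_rows = [(k, grover_bits(k)) for k in sym_sizes]
    return rsa_rows, sym_rows

if __name__ == "__main__":
    rsa_rows, sym_rows = report()
    print("RSA bits | GNFS est. bits | Shor qubits | classical state ~10**x")
    for n, bits, q, exp10 in rsa_rows:
        print(f"{n:8d} | {bits:14d} | {q:11d} | {exp10}")
    print("Symmetric key bits -> effective bits under Grover")
    for k, g in sym_rows:
        print(f"{k:8d} -> {g}")
```

Going from 3072 to 8192 bits raises the estimated classical work exponent by roughly half, while the Shor qubit count only grows linearly with the modulus size.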



More information about the Gnupg-users mailing list