SSH Agent keys >4096 bit?

Milo gnupg at
Sat May 5 12:49:16 CEST 2012

On 05/05/2012 12:08 PM, Peter Lebbing wrote:
> On 04/05/12 22:35, Milo wrote:
>> You can't tell consumer or end-user that he can't use 256-bit, symmetric
>> cipher for his (even!) porn stash because this is some kind of faux pas
>> and he is iconoclast because of this. It's up to him.
> Why should the GnuPG authors include a feature they don't believe in? If
> it's in GnuPG official, it will need to be supported. What if there is
> some bug that only rears its ugly head with 8k keys? They'll need to
> spend more time on it, time better spent elsewhere.

1) You are responding to citation regarding symmetric crypto with widely
used key length.

2) Proponents of approach you are commenting on gave some arguments here
already. If not sure check thread and other sources.

> And especially, why should they add something they simply don't believe in.
> The use of 8k keys is bothersome to others. In the GnuPG case for
> certifications and signatures, and in the SSH case for the owner of the
> server you're logging in to and burning unnecesary CPU cycles.
>> One more time - this is not up to you or software authors to decide
>> what's the value behind encrypted data. Even if reason of encrypting it
>> is silly.
> I don't think it's up to you to decide that the GnuPG authors need to
> officially support something they find silly.

This is open discussion about free software's value and (expected by
some) functionality. Discussion and judging on value of private data is
something totally different you know.

No offence but I don't think that GnuPG is only to address 100% authors'

> And you seem to forget that when you use GnuPG with (for example) 4k
> keys, the 4k key is simply not the weakest link! This has been said already.

I'm not forgetting about this. But you are forgetting you are using
symmetric crypto with 256-bit key length (e.g. HTTPS) and you don't have
any problem with this "security overkill" (but yes - symmetric ciphers
are computationally to use cheaper).

For RSA you'll get similar security with ~15k key!

Simply for some 4k isn't enough here. Can you imagine your own, private
data which should be encrypted for more years then 4k asymmetric key is
able to secure? If not you are including into discussion your own needs
(or lack of them) as universal and only truth.

> It's an interesting take on things, that the GnuPG authors somehow think
> your data must be invaluable, because they don't offer 8k RSA.

This is your flawed conclusion.

> If your
> data is that valuable, keep it to yourself. Don't give even the
> encrypted variant to your enemy. Because your formidable enemy will know
> of a way to decrypt it without breaking your 8k key.

Give people in need reasonable way of providing comparable level of
security in physical means (with at least same costs as with
cryptography). You'll become rich, rich man.

> Peter.


More information about the Gnupg-users mailing list