SSH Agent keys >4096 bit?

Robert J. Hansen rjh at sixdemonbag.org
Sat May 5 15:13:59 CEST 2012


On 5/5/12 8:57 AM, Milo wrote:
> "Derivatives of Shor's algorithm are widely conjectured to be effective
> against all mainstream public-key algorithms including RSA,
> Diffie-Hellman and elliptic curve cryptography". I'm not considering all
> of them. I used a more general expression.

In that case, everything you're advocating is confusing me.  Yes, if and
when QC comes along many existing systems will need to be considered
suspect.  However, if you're concerned about QC you will get far more
mileage from switching to a QC-resistant asymmetric algorithm than from
adding a few bits to your RSA key.  Why all this focus on longer RSA
keys as a response to QC?  It makes no sense at all.

> But I don't think that the biggest proponents of longer asymmetric keys are
> such kind of guys. Your approach advised to this hypothetical person is
> more like a tao of using encryption than a set of objective rules.

That's because there are very few objective rules.  Computer security is
dominated by the human element, and human beings do not tend to strictly
follow objective rules.

When it comes to crypto, yes, we can say certain things with great
mathematical certainty.  The instant that crypto gets fielded, though,
the math becomes the least important part of the equation.  The human
element becomes overwhelmingly dominant.

> But lacking a bigger margin of security because of limited key space.

NIST has certified 3DES until 2030: it is quite likely that in 2030 3DES
will be certified for another couple of decades.

> Check 3des history for details (
> https://en.wikipedia.org/wiki/3des#Keying_options ).

I did, and I don't see anything in there that is an ugly hack or
backwards-incompatible.  Choose your keying option (three-key being
preferred), stick with it and you're done.


