SSH Agent keys >4096 bit?

Robert J. Hansen rjh at
Sun May 6 10:50:49 CEST 2012

On 05/05/2012 10:42 AM, Milo wrote:
> Obviously it's not. It's for example inappropriate to call single run
> of DES 3DES...

At this point I genuinely can't tell if I'm being trolled.  I'm going to
assume that I am not, and this will be my last statement on this entire

Two functions may operate quite differently, and yet be considered
completely identical from a computational perspective.  If I ask you to
add the numbers from 1 to 100, you might solve it the long way by doing
one hundred additions or you might do it the quick way by computing
(101*100)/2 or you might do it the fastest possible way by making a
lucky guess of 5,050.

Doesn't matter.  They're all equivalent.  If Function A and Function B
accept the same domain, output the same range, and have identical
surjections from domain onto range, then they can be said to be identical.

DES is an example of this.  Nowhere in the DES validation tests does it
specify, "your code must look like this."  The DES validation tests only
say, "given this input and this key, you must generate this output."  If
your implementation passes the DES validation tests, then
congratulations, you can be certified as a FIPS-compliant DES

One-key 3DES is quite capable of passing the DES validation tests.  This
means that for all intents and purposes it is a DES implementation.

As I said, I don't know if I'm being trolled or if you're just
thoroughly misinformed.  If the former, please stop.  If the latter, it
can be corrected.

More information about the Gnupg-users mailing list