SSH Agent keys >4096 bit?

Werner Koch wk at gnupg.org
Mon May 7 10:13:40 CEST 2012


On Sat,  5 May 2012 12:08, peter at digitalbrains.com said:

> Why should the GnuPG authors include a feature they don't believe in? If
> it's in GnuPG official, it will need to be supported. What if there is

It is marketing again.  PGP started to use AES-256 for marketing reasons
and thus we were more or less forced to include support for AES-256.  We
initially did not even put AES-256 on top of the cipher preferences,
but we had to change even this:

            /* The rationale why we use the order AES256,192,128 is
               for compatibility reasons with PGP.  If gpg would
               define AES128 first, we would get the somewhat
               confusing situation:

                 gpg -r pgpkey -r gpgkey  ---gives--> AES256
                 gpg -r gpgkey -r pgpkey  ---gives--> AES

               Note that by using --personal-cipher-preferences it is
               possible to prefer AES128.
            */

> And you seem to forget that when you use GnuPG with (for example) 4k
> keys, the 4k key is simply not the weakest link! This has been said already.

Exactly.

> data is that valuable, keep it to yourself. Don't give even the
> encrypted variant to your enemy. Because your formidable enemy will know
> of a way to decrypt it without breaking your 8k key.

Well, even the former option is subject to a pretty cheap rubber hose
cryptanalysis.  It all depends on your threat model.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



