Some people say longer keys are silly. I think they should be supported by gpg.

tim.kachao at gmail.com
Tue May 22 10:58:48 CEST 2012


I think it should be okay to dredge up this topic every couple years.  From 
what I am reading, links below,  I do not feel comfortable with the key 
length and algorithmic security offered by GPG's defaults.

I have not been able to figure out how to get keylengths greater than 3072 
for DSA/Elgamal or >4094 RSA, so I conclude that generating them is 
unsupported by GPG although GPG can use them.  I have seen many people 
saying that these types of key lengths are way more than anyone could 
reasonably need, but I am skeptical.

I am involved in a local Occupy (bet you thought occupy was kaput eh?  well 
as it were known it is but that's another story) and frankly we aren't 
just up against one intelligence agency, but all intel agencies put 
together.  An entire global class of people.  You can argue that they may 
be uninterested in me, however I don't buy that argument at all because 
they have spent (possibly a lot) more than a thousand dollars at least on 
me personally at this point I am sure in policing costs to try to 
surveil and intimidate me, after you divide down. 

The eviction alone at my occupy cost (probably greatly) in excess of 
$16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.  
There are also estimates made that in the US 1 in 6 "protestors" is 
actually a government agent of one sort or another, dept of defense, 
homeland security, FBI what have you.  And that excludes any thugs the 
bankers put in the crowd as privately hired types.

Secondly I want my communications to remain unread into the relatively 
distant future.  Given the sort of crap the 1% do wrt murdering and 
maiming vast quantities of people for a couple extra bucks I would not be 
the least bit surprised if 20 years from now they "disappeared" me 
because I passed out some pamphlets that said "end class war now". 

An enemy is an enemy, and enemies must be smooshed, right?  Why take risks 
like letting an innocent person live if they might conceivably scratch 
your gravy train at some point in the future? Abductions and bullets 
aren't that expensive once you got everything all set up, it's a good 
investment.


I'm 23 now and I take various modest precautions to ensure that I have the 
best chance I can to remain in good health when I am 43. Or 63.  A couple 
hundred extra milliseconds of decryption/encryption time per message for 
a key longer than 3072 or 4092 sounds like a good choice frankly.  Is 
that not what we are looking at?

And yes I recognize that it would be a lot easier for them to plant spyware 
on my computers than break the keys, however they can't plant spyware on 
everyone's computer without people noticing.  They do slurp up and 
probably store indefinitely all text -and many other- communications on 
the internet (carnivore etc.).  In the future, data they don't have they 
can't use.  There is always a substantial probability that they will not 
get my keys with spyware, and I would like to capitalize (If you'll pardon 
me) on that.

Fourthly a little safety margin never hurt.

I think it should be easier to pick longer keys.  Also info should be 
included in the compendium regarding practical aspects of key choice, 
like a table that shows how long it takes to encrypt a symmetric key with 
2048, 4092 etc.  Or even just a table in which you select your 
adversary, then your time horizon, and it tells you what key lengths are 
suitable, with due warnings and notes regarding the possibility of 
quantum computers, mathematical advances etc.

I understand that no matter how long the keys are it's still only a 
relatively small part of the equation.  However I thought it was the norm 
to pick something that basically eliminated concern about the encryption 
being broken, so one could forget about that part and focus on the 
rest of your security worries.

My trust in GPG has been disturbed by this state of affairs.  I thought I 
could just trust the defaults but I am finding that they may not really 
include the safety margin that people desire. I shudder to think of 
people who are doing more serious stuff in the class war than little ol' 
me (which isn't hard).

Links:
http://en.wikipedia.org/wiki/RSA_%28algorithm%29
http://www.schneier.com/essay-368.html < note that this was written in 1998
http://www.rsa.com/rsalabs/node.asp?id=2004  this one in particular makes 
it clear that it is not unreasonable for someone in my position to choose 
a 4096 bit key.


http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government 
requires 192 or 256-bit AES keys for highly sensitive data.  A 3072 bit 
RSA or Elgamal key is about equivalent to 128 bit symmetric key, right?  
And a 256 bit key length equivalent public key is about 15,387 bits.  I 
think if people want to use the same level of encryption for their data 
that the government uses shouldn't that be supported at least in command 
line mode?
http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies 
in computation and cost of public key vs. symmetric.
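
The equivalences asked about at the end of the post (a 3072-bit modulus against a 128-bit symmetric key, and the modulus size matching 256-bit AES) can be estimated from the asymptotic cost of the general number field sieve. The following Python is an added example, not part of the original post or of GnuPG; the function names are illustrative, and the constants 1.923 and 4.69 are assumed from the formula in NIST's FIPS 140-2 implementation guidance, so the output is a heuristic estimate.

```python
import math

# Asymptotic GNFS cost exponent constant, (64/9)^(1/3) ~= 1.923.
GNFS_C = (64 / 9) ** (1 / 3)
# Calibration offset (assumption, from the NIST-style formula): it pins a
# 1024-bit modulus at roughly 80 bits of symmetric strength.
OFFSET = 4.69
LN2 = math.log(2)


def symmetric_equivalent_bits(modulus_bits: int) -> float:
    """Estimated symmetric strength of an RSA or finite-field (DSA/Elgamal) modulus."""
    ln_n = modulus_bits * LN2
    work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - OFFSET
    return work / LN2


def modulus_bits_for(target_bits: float, lo: int = 512, hi: int = 65536) -> int:
    """Smallest modulus size in [lo, hi] whose estimate reaches target_bits."""
    if symmetric_equivalent_bits(lo) >= target_bits:
        return lo
    if symmetric_equivalent_bits(hi) < target_bits:
        raise ValueError("target strength is outside the searched range")
    # The estimate grows monotonically with modulus size, so bisection works.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if symmetric_equivalent_bits(mid) < target_bits:
            lo = mid
        else:
            hi = mid
    return hi


def strength_table(sizes=(1024, 2048, 3072, 4096, 8192, 15360)):
    """(modulus bits, estimated symmetric bits) for each size."""
    return [(n, round(symmetric_equivalent_bits(n))) for n in sizes]


if __name__ == "__main__":
    for n, bits in strength_table():
        print(f"{n:>6}-bit modulus ~ {bits:>3}-bit symmetric")
    for target in (128, 192, 256):
        print(f"{target}-bit symmetric ~ {modulus_bits_for(target)}-bit modulus")
```

The estimate covers only known classical factoring and discrete-log algorithms; it says nothing about quantum computers or future mathematical advances, which the post also raises.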



More information about the Gnupg-users mailing list