Some people say longer keys are silly. I think they should be supported by gpg.
tim.kachao at gmail.com
Tue May 22 10:58:48 CEST 2012
I think it should be okay to dredge up this topic every couple years. From
what I am reading, links below, I do not feel comfortable with the key
length and algorithmic security offered by GPG's defaults.
I have not been able to figure out how to get keylengths greater than 3072
for DSA/elgamal or >4094 rsa, so I conclude that generating them is
unsupported by GPG although GPG can use them. I have seen many people
saying that these types of key lengths are way more than anyone could
reasonably need, but I am skeptical.
I am involved in a local Occupy (bet you thought occupy was kaput eh? well
as it were known it is but that's another story) and frankly we aren't
just up against one intelligence agency, but all intel agencies put
together. An entire global class of people. You can argue that they may
be uninterested in me, however I don't buy that argument at all because
they have spent (possibly a lot) more than a thousand dollars at least on
me personally at this point I am sure in policing costs to try to
surveil and intimidate me, after you divide down.
The eviction alone at my occupy cost (probably greatly) in excess of
$16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.
There are also estimates made that in the US 1 in 6 "protestors" is
actually a government agent of one sort or another, dept of defense,
homeland security, fbi what have you. And that excludes any thugs the
bankers put in the crowd as privately hired types.
Secondly I want my communications to remain unread into the relatively
distant future. Given the sort of crap the 1% do wrt murdering and
maiming vast quantities of people for a couple extra bucks I would not be
the least bit surprised if 20 years from now they "disappeared" me
because I passed out some pamphlets that said "end class war now".
An enemy is an enemy, and enemies must be smooshed, right? Why take risks
like letting an innocent person live if they might conceivably scratch
your gravy train at some point in the future? Abductions and bullets
aren't that expensive once you got everything all set up, it's a good
I'm 23 now and I take various modest precautions to ensure that I have the
best chance I can to remain in good health when I am 43. Or 63. A couple
hundred extra milliseconds of decryption/encryption time per message for
a key longer than 3072 or 4092 sounds like a good choice frankly. Is
that not what we are looking at?
And yes I recognize that it would be a lot easier for them to plant spyware
on my computers than break the keys, however they can't plant spyware on
everyone's computer without people noticing. They do slurp up and
probably store indefinitely all text -and many other- communications on
the internet (carnivore etc.). In the future, data they don't have they
can't use. There is always a substantial probability that they will not
get my keys with spyware, and I would like to capitalize (If you'll pardon
me) on that.
Fourthly a little safety margin never hurt.
I think it should be easier to pick longer keys. Also info should be
included in the compendium regarding practical aspects of key choice,
like a table that shows how long it takes to encrypt a symmetric key with
2048, 4092 etc. Or even just a table in which you select your
adversary, then your time horizon, and it tells you what key lengths are
suitable, with due warnings and notes regarding the possibility of
quantum computers, mathematical advances etc.
I understand that no matter how long the keys are it's still only a
relatively small part of the equation. However I thought it was the norm
to pick something that basically eliminated concern about the encryption
being broken, so one could forget about that part and focus on the
rest of your security worries.
My trust in GPG has been disturbed by this state of affairs. I thought I
could just trust the defaults but I am finding that they may not really
include the safety margin that people desire. I shudder to think of
people who are doing more serious stuff in the class war than little ol'
me (which isn't hard).
-http://www.schneier.com/essay-368.html < note that this was written in 1998
http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes
it clear that it is not unreasonable for someone in my position to choose
a 4096 bit key.
http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government
requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit
RSA or elGamal key is about equivalent to 128 bit symmetric key, right?
And a 256 bit key length equivalent public key is about 15,387 bits. I
think if people want to use the same level of encryption for their data
that the government uses shouldn't that be supported at least in command
http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies
in computation and cost of public key vs. symmetric.
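
Equivalences between RSA modulus sizes and symmetric key lengths, like the ones asked about in the message above, are usually derived from the estimated running time of the general number field sieve (GNFS). The following is an added example, not part of the original message or of GnuPG: it evaluates the GNFS heuristic with the o(1) term dropped and, as an assumption, anchors the curve so that a 1024-bit modulus counts as 80 bits. Published tables calibrate and round differently, so their figures differ from these by a few bits.

```python
import math

# GNFS heuristic running time L_n[1/3, (64/9)^(1/3)], o(1) term dropped.
C = (64 / 9) ** (1 / 3)


def gnfs_bits(modulus_bits):
    """log2 of the estimated GNFS work to factor a modulus of this size."""
    ln_n = modulus_bits * math.log(2)
    work_ln = C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


# Assumption (not from the message): calibrate so 1024-bit RSA == 80 bits.
OFFSET = gnfs_bits(1024) - 80


def symmetric_equivalent(modulus_bits):
    """Calibrated symmetric-strength estimate for an RSA modulus size."""
    return gnfs_bits(modulus_bits) - OFFSET


def modulus_for(symmetric_bits, lo=512, hi=65536):
    """Smallest modulus size whose calibrated estimate reaches the target.

    The estimate grows monotonically with modulus size, so bisection works.
    """
    while lo < hi:
        mid = (lo + hi) // 2
        if symmetric_equivalent(mid) >= symmetric_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def table(sizes=(1024, 2048, 3072, 4096, 8192, 15360)):
    """Rows of (modulus bits, raw GNFS estimate, calibrated estimate)."""
    return [(s, round(gnfs_bits(s), 1), round(symmetric_equivalent(s), 1))
            for s in sizes]


if __name__ == "__main__":
    for size, raw, calibrated in table():
        print(f"{size:>6}-bit modulus: raw 2^{raw}, calibrated ~{calibrated} bits")
    for target in (128, 192, 256):
        print(f"{target}-bit target -> ~{modulus_for(target)}-bit modulus")
```

The sub-exponential growth is why each additional bit of symmetric-equivalent strength costs more modulus bits than the last.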
More information about the Gnupg-users