Some people say longer keys are silly. I think they should be supported by gpg.

Werner Koch wk at gnupg.org
Tue May 22 17:50:00 CEST 2012


On Tue, 22 May 2012 10:58, tim.kachao at gmail.com said:

> on my computers than break the keys, however they can't plant spyware on 
> everyone's computer without people noticing.  They do slurp up and 

Are you sure?  Did you look at the GnuPG code so closely to come up
with such a strong statement?  I should feel honored that you put that
much trust into us GnuPG authors and the few white hats who closely
reviewed the code.  However there is more to it than GnuPG.  Do you put
the same trust into the gcc and glibc maintainers, Linux kernel hackers,
the Windows hackers at Microsoft and elsewhere, the hardware guys at
Intel or AMD, the support chip vendors?  There are a lot of ways to
compromise a system, hidden backdoors in other systems have already been
revealed in the past.

> 2048, 4092 etc.  Or even just a table in which you select your 
> adversary, then your time horizon, and it tells you what key lengths are 
> suitable, with due warnings and notes regarding the possibility of 

Any such table would to some extent be the result of applying black
magic.  GnuPG is just a tool and not a cover all security solution.  For
such a solution you need to come up with a threat analysis, evaluate
countermeasures, policies, training, more software, and likely
additional hardware (walls, locks, barbed wire).

> to pick something that basically eliminated concern about the encryption 
> being broken, so one could forget about that part and focus on the 
> rest of your security worries.

Right, we are doing just that.  As of now 2048 bit RSA is a pretty good
default.  Before you use a longer key, my suggestion would be to first
install a random generator which holds up with such a key.

> http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies 
> in computation and cost of public key vs. symmetric.

That is pure cryptography and as such a good hint on how to select
defaults for a general purpose system - but not an absolute truth.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
