Some people say longer keys are silly. I think they should be supported by gpg.

Robert J. Hansen rjh at sixdemonbag.org
Tue May 22 19:10:05 CEST 2012


I apologize in advance if any of this sounds snarky.  It's not intended
as such.  Everything I've written here is sincere.

> I am involved in a local Occupy (bet you thought Occupy was kaput, eh?  Well,
> as it was known, it is, but that's another story) and frankly we aren't
> just up against one intelligence agency, but all intel agencies put 
> together.

Did you know that in the United States, the Fish and Wildlife Service is
an intelligence agency?  Check their jobs postings and you'll see a good
number of them say a security clearance is required.

Your claim may lead people to write off your movement on the grounds
that one of two things is true.  Either:

	- "They're a bunch of crazies who think that even the park
	   rangers are after them,"
	- Or, "holy Toledo, even the park rangers are after them!"

It seems unlikely to me that either one will engender much support.  If
people think the former, then the movement is crazy and can be written
off.  If people think the latter, then it's incredibly dangerous to
stand too close to you and no one will show up to your protests.

> There are also estimates made that in the US 1 in 6 "protestors" is 
> actually a government agent of one sort or another, Dept. of Defense,
> Homeland Security, FBI, what have you.

Not even Nicolae Ceaușescu's Romania or Erich Honecker's German
Democratic Republic were able to get one in six people to serve as
informers.

> I'm 23 now and I take various modest precautions to ensure that I have the 
> best chance I can to remain in good health when I am 43. Or 63.  A couple 
> hundred extra milliseconds of decryption/encryption time per message for 
> a key longer than 3072 or 4092 sounds like a good choice frankly.  Is 
> that not what we are looking at?

No, it's not what we're looking at.

If we take you seriously, if we really believe what you say, then what
we're looking at is:

	- If we help you, we're likely going to get "disappeared",
	  either now or in twenty years
	- Your group is completely penetrated/compromised
	- Your group has no effective methods of policing itself
	  to detect and expel infiltrators
	- There's an excellent chance *you yourself* are a mole.
	  After all, there's no better way to deflect suspicion than
	  to be looking for moles -- ask Aldrich Ames or Robert Hanssen
	- And yet, you believe that if GnuPG supports larger key
	  sizes that your security will be substantially improved.

> Fourthly a little safety margin never hurt.

If what you say is true, then just by coming onto this list and asking
for help you have put everyone on this list in jeopardy.  Your obsession
with a "little safety margin" seems rather hypocritical.

There are really only two possibilities here.  Either your claims are
substantially true, or they are substantially false.  I believe they are
substantially false, and I encourage you to re-think them.  A correct
estimation of your situation and what sorts of security threats you're
facing will do you infinitely more good than a larger GnuPG key.

And with that, I'm done with this thread.  I wish you luck.


