Some people say longer keys are silly. I think they should be supported by gpg.

Hubert Kario hka at qbs.com.pl
Tue May 22 19:23:28 CEST 2012


On Tuesday 22 of May 2012 13:34:20 david at gbenet.com wrote:
> On 22/05/12 09:58, tim.kachao at gmail.com wrote:
> > I think it should be okay to dredge up this topic every couple years. 
> > From what I am reading, links below,  I do not feel comfortable with
> > the key length and algorithmic security offered by GPG's defaults.
> > 
> > I have not been able to figure out how to get keylengths greater than
> > 3072 for DSA/elgamal or >4094 rsa, so I conclude that generating them is
> > unsupported by GPG although GPG can use them.  I have seen many people
> > saying that these types of key lengths are way more than anyone could
> > reasonably need, but I am skeptical.
> > 
> > I am involved in a local Occupy (bet you thought occupy was kaput eh? 
> > well as it were known it is but that's another story) and frankly we
> > aren't just up against one intelligence agency, but all intel agencies
> > put together.  An entire global class of people.  You can argue that
> > they may be uninterested in me, however I don't buy that argument at
> > all because they have spent (possibly a lot) more than a thousand
> > dollars at least on me personally at this point I am sure in policing
> > costs to try to surveil and intimidate me, after you divide down.
> > 
> >  The eviction alone at my occupy cost (probably greatly) in excess of
> > $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.
> > There are also estimates made that in the US 1 in 6 "protestors" is
> > actually a government agent of one sort or another, dept of defense,
> > homeland security, fbi what have you.  And that excludes any thugs the
> > bankers put in the crowd as privately hired types.
> > 
> > Secondly I want my communications to remain unread into the relatively
> > distant future.  Given the sort of crap the 1% do wrt murdering and
> > maiming vast quantities of people for a couple extra bucks I would not be
> > the least bit surprised if 20 years from now they "disappeared" me
> > because I passed out some pamphlets that said "end class war now".
> > 
> >  An enemy is an enemy, and enemies must be smooshed, right?  Why take
> > risks like letting an innocent person live if they might conceivably scratch
> > your gravy train at some point in the future? Abductions and bullets
> > aren't that expensive once you got everything all set up, it's a good
> > investment.
> > 
> > 
> > I'm 23 now and I take various modest precautions to ensure that I have
> > the best chance I can to remain in good health when I am 43. Or 63.  A
> > couple hundred extra milliseconds of decryption/encryption time per
> > message for a key longer than 3072 or 4092 sounds like a good choice
> > frankly.  Is that not what we are looking at?
> > 
> > And yes I recognize that it would be a lot easier for them to plant
> > spyware on my computers than break the keys, however they can't plant
> > spyware on everyone's computer without people noticing.  They do slurp
> > up and probably store indefinitely all text -and many other-
> > communications on the internet (carnivore etc.).  In the future, data
> > they don't have they can't use.  There is always a substantial
> > probability that they will not get my keys with spyware, and I would
> > like to capitalize (If you'll pardon me) on that.
> > 
> > Fourthly a little safety margin never hurt.
> > 
> > I think it should be easier to pick longer keys.  Also info should be
> > included in the compendium regarding practical aspects of key choice,
> > like a table that shows how long it takes to encrypt a symmetric key
> > with 2048, 4092 etc.  Or even just a table in which you select your
> > adversary, then your time horizon, and it tells you what key lengths are
> > suitable, with due warnings and notes regarding the possibility of
> > quantum computers, mathematical advances etc.
> > 
> > I understand that no matter how long the keys are it's still only a
> > relatively small part of the equation.  However I thought it was the
> > norm to pick something that basically eliminated concern about the
> > encryption being broken, so one could forget about that part and focus
> > on the rest of your security worries.
> > 
> > My trust in GPG has been disturbed by this state of affairs.  I thought
> > I could just trust the defaults but I am finding that they may not really
> > include the safety margin that people desire. I shudder to think of
> > people who are doing more serious stuff in the class war than little ol'
> > me (which isn't hard).
> > 
> > Links:
> > http://en.wikipedia.org/wiki/RSA_%28algorithm%29
> > http://www.schneier.com/essay-368.html < note that this was written in
> > 1998
> > http://www.rsa.com/rsalabs/node.asp?id=2004  this one in
> > particular makes it clear that it is not unreasonable for someone in my
> > position to choose a 4096 bit key.
> > 
> > 
> > http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S.
> > Government requires 192 or 256-bit AES keys for highly sensitive data. 
> > A 3072 bit RSA or elGamal key is about equivalent to 128 bit symmetric
> > key, right? And a 256 bit key length equivalent public key is about
> > 15,387 bits.  I think if people want to use the same level of
> > encryption for their data that the government uses shouldn't that be
> > supported at least in command line mode?
> > http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on
> > equivalencies in computation and cost of public key vs. symmetric.
> > 
> 
> Some say that all the power of the universe - and all the time it's been in
> existence will not crack a 2048 bit key with a secure passphrase. So by
> the time the universe is well and truly over and some poor sod of a
> government agent is alive and well he will not have cracked yer e-mails
> or indeed any encrypted data. Can you imagine that power from a computer?
> No. The mind boggles at the energy it would consume - a million million
> million ad infinitum suns.
> 
> But the "key" to all this is them holding your private key - it would be
> quicker and a lot simpler to crush your balls with a pair of pliers - you
> will give up your most treasured possession - your passphrase. This is
> the meaning of brute force attacks on your key.
> 
> The strength of your passphrase is critical - alphanumerics take the whole
> universe to crack whereas a phrase like:
> 
> "marymary&%/*had*)/+a:+=little$£"KL$Donkey#*hadxxxabad%$*JHGbadIUNG6**leg^
> )andalways@#][a\|little-0UHKTwalkedUKL:@?^wonkey
> 
> 
> is a good key it will last you forever - if you can stand having your
> balls crushed. So the best form of security would be to invest in a
> sturdy steel codpiece and a long passphrase.
> 
> David

"everything that could be invented has been invented"

"640k ought to be enough for anybody"

Do we really have to repeat the history?

Regards,
-- 
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl
