Some people say longer keys are silly. I think they should be supported by gpg.

John Clizbe John at enigmail.net
Tue May 22 20:48:26 CEST 2012


tim.kachao at gmail.com wrote:
> I think it should be okay to dredge up this topic every couple years.  From 
> what I am reading, links below,  I do not feel comfortable with the key 
> length and algorithmic security offered by GPG's defaults.
> 
> I have not been able to figure out how to get keylengths greater than 3072 
> for DSA/elgamal or >4094 rsa, so I conclude that generating them is 
> unsupported by GPG although GPG can use them.  I have seen many people 
> saying that these types of key lengths are way more than anyone could 
> reasonably need, but I am skeptical.
> 
> I am involved in a local Occupy (bet you thought occupy was kaput eh?  well 
> as it were known it is but that's another story) and frankly we aren't 
> just up against one intelligence agency, but all intel agencies put 
> together.  An entire global class of people.  You can argue that they may 
> be uninterested in me, however I don't buy that argument at all because 
> they have spent (possibly a lot) more than a thousand dollars at least on 
> me personally at this point I am sure in policing costs to try to 
> surveil and intimidate me, after you divide down. 
> 
I was wondering... Does your group communicate with one another using cell
phones? I ask not because of the irony of protesting globalization on cell
phones, but because of the cell phone industry's woefully poor record on
encryption technology.

What about WiFi? Do the public Access Points you all use use encryption? Is it
stronger than WEP? What about someone plugging in a Snooper in the wiring
closet of that StarBucks or McDonald's?

_IF_ THEY are /really/ watching you, they've used cameras to watch you type in
your passphrase, and Windows and Gmail passwords. They may have used a
weakness in CIFS to copy your keyrings.

All this and you're worried about overkill on the one place they WON'T attack?
No one attacks the crypto. There are too many easier routes. If you're
/really/ worried about privacy and security, get your priorities straightened
out.  bin Laden didn't use cell phones, not because he was a techno-Luddite,
but because he understood the risks of using them. You need to get a handle on
all the risks of all the technology you use.

-John

PS: Leave the tinfoil hat at home, it draws undue attention to you.

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


