2048 or 4096 for new keys? aka defaults vs. Debian
mailinglisten at hauke-laging.de
Sat Oct 26 18:16:32 CEST 2013
Am Fr 25.10.2013, 23:45:50 schrieb Johan Wevers:
> Further, if they expect it to be secure for only 25 years,
This means that every single key is secure over that time. It means that after
25 years organizations with huge resources may be able to crack a *single* key
in a lot of time (rather a year than a day). So even within the next 35 years
THEY have to make a very small selection which keys they want to break as then
there will be a few million 2048-bit keys around. And that requires that the
law doesn't change within that time, forcing the agencies to delete most of
the stored encrypted data. The US government is just realizing that their
current approach causes costs beside those in the budget.
And we have not even talked about the different security levels of keys. The
default setting of gpg should be suitable for normal keys i.e. keys for
everyday communication. If you need a high security key then you need to know
a lot about IT security anyway because the keys are the strongest part of the
system. Those who know how to do the rest right obviously know whether and how
to increase the key size.
Why should anyone 25+ years from now spend a huge amount of resources in order
to read a tiny part of today's everyday communication (or a big part in 40
years)? That makes absolutely no sense. How do you want to explain that in a
democracy, "hunting terrorists"?
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 572 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users