2048 or 4096 for new keys? aka defaults vs. Debian

Filip M. Nowak gnupg at oneiroi.net
Sun Oct 27 19:09:34 CET 2013


List, Robert.

On 10/27/2013 06:36 PM, Robert J. Hansen wrote:
> On 10/27/2013 12:47 PM, Filip M. Nowak wrote:
>> All this comes with a price of
>> increased processing power requirement and most of the hardware vendors
>> are doing really good here (really happily).
> 
> In the embedded space it's still quite common to see 8-bit processors
> used as PICs.  We're just beginning to make the migration to 32-bit
> processors, but it's going to be a long, long transition: there's a huge
> installed base that will only get replaced when old chips fry and burn out.

That's correct but:

1) Specialized microcontrollers with crypto capabilities have been available
and in use for years now (AVR XMEGA, which is 8-bit, for example)
2) The stuff you are mentioning in most cases isn't used alone - when
needed it is used with other chips; this is more or less the idea behind
microcontroller applications.

> Consumer-grade hardware is a decadent Garden of Eden.

Whatever poetic comparison or description fits here, this is a fact.
It's also worth mentioning that it's not only about consumer computing
hardware: the enterprise computing market is very much overshadowing
what is happening with consumer-grade stuff.

> However, the tiny
> little processor that monitors chemical levels at your local water
> treatment plant is going to be embarrassingly low-powered.

I don't expect them to be required to do crypto on their own any time soon.
SoC thingies are another story, but they quite often have power as well as
cryptographic engines (trust in the vendor and/or hw
implementation of the crypto is another topic).

> Given GnuPG aims to support even some of those bits of hardware (and I'm
> glad of it -- some of those installations need confidentiality,
> integrity and assurance even more than I do!), I'm happy the GnuPG
> defaults are the way they are.

This is your holy right I think. I would say exactly the same to the
people who are dissatisfied with those settings or hardwired limits.

>> On the other hand, one of the conclusions that Mr Schneier...
> 
> Just once, I'd love to hear someone say "Kelsey advises" or "Boneh
> thinks" or "Ferguson has opined that..."
> 
> The world of computer security is a lot larger than Bruce Schneier.
> He's good, absolutely, but really.  Open your eyes a little and read
> more of the literature.  There's a ton of good stuff out there, and a
> lot of it disagrees with Bruce.

Unintentionally, you just made the point which I was trying to share
with this citation - and the point is that Werner isn't the only guy with
authority, and opinions can vary.

P.S. Please stop suggesting a level of education and literacy to fellow
list contributors; focus on the discussion.

	Kind regards,
	Filip


