2048 or 4096 for new keys? aka defaults vs. Debian

Paul R. Ramer free10pro at gmail.com
Sun Oct 27 21:49:26 CET 2013


"Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
>Let's say that tomorrow I lose my passphrase and make a new keypair.
>Then in 25 years someone approaches me with a signed OpenPGP message
>dated Christmas 2013, saying "I agree to pay you one million dollars at
>Christmas 2038."  I scream it's a forgery, they scream it's valid, we
>go
>to trial.
>
>Who do you think the judge will believe -- that this message, which
>nobody can produce any evidence existed prior to 2038, is real?  Or
>that
>it's some clever shenanigans made possible by newly-developed
>technology
>which made my old keypair vulnerable?
>
>Just because a digital signature can be forged *mathematically* is no
>guarantee the signature can be forged *in actuality*.

Quite right.  This what we sometimes forget about when discussing things like key length, signatures, and projected viability of algorithms.  The law is not the same as the crypto.

This is similar to the topic of deniability in which the crypto is said to make it so that the user can plausibly deny that he has the encryption key, for example.  But if the law, or the court, does not accept that as a valid defense, the user is screwed.

The cryptography gives us capabilities, but it is not the deciding factor where the law is concerned.

Cheers,

--Paul
--
PGP: 3DB6D884



More information about the Gnupg-users mailing list