Maximum keypair length...
LisToFacTor
listofactor at mail.ru
Sun May 10 05:35:10 CEST 2020
> If everyone involved will have both the public and secret
> daily keys, I don't see the need for using public cryptography.
> Just generate all those daily keys¹ as a random 128 bit
> passphrase each and use a symmetric cipher such as AES.²
It is actually an interesting contemporary phenomenon: there
are quite a few instances I've encountered, where the threat
model is never properly defined, and therefore the cryptography
system architecture is not what fits any particular threat
model, and where public key crypto is used where the "common",
symmetrical crypto would do the trick quite nicely.
It is my theory that this is happening with such surprising
regularity because too many system architects view GPG as a
"magic box", without even understanding that in reality it
is only a public key crypto "wrapper" around the conventional,
symmetric crypto hiding inside. In other words, symmetric
crypto is *always used* by their system, if the wrapper
around it is used in addition, there better be a justifiable
reason for it.
More information about the Gnupg-users
mailing list