Question about key size (Was: [ale] ALE PGP Keysigning Party Instructions)
greg at turnstep.com
greg at turnstep.com
Wed Jan 15 10:40:22 EST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
> No, it *is* the point. Encryption's a pain. Keys are a pain. The
> longer they are, the more painful they are. Going over 2048 bits
> isn't supported by many common clients that end users use.
Really? What clients would this be?
> Longer keys are markedly slower (doesn't matter to you on your
> desktop, but it does matter to me when I do email on my
> Zaurus). etc.
I think you overstate the problems. Even a Zaurus should be able
to handle >2048 without a problem. Using ElGamal keys, on the
other hand, does produce a major slowdown, but that is an
algorithm decision, not a key size one.
> 1. you don't encrypt something that's worth, say $1 million to
> decrypt (amortizing $1 billion across 1000 compromises), so
> you're not specifically targeted
That's the old "why use encryption if you have nothing to hide"
argument. I don't know who is going to target me, or what I may
need to use my encryption for in the future. My secrets are
valuable to me, regardless of an external monetary value someone
else may place on them, so I prefer to treat them all as important.
> #2 is the fax machine syndrome. Encryption's one of those things
> that becomes more useful when more people adopt it, because your
> specific encryption gets lost in the sea of everyone else's
> encryption. For that to be true, you have to keep the cost of
> entry low enough that people adopt it, which means you have to
> keep the key sizes small enough that they will work with people's
> software and hardware....
That's a ridiculous argument for small key sizes. First, >2048 is
not an unreasonably large key size. Second, saying your "specific
encryption gets lost in the sea" is beside the point. Use good
encryption: the number of other people using it is irrelevant.
Do you think the NSA just randomly pulls encrypted messages out
of the Internet to practice on? How can it matter how many
other encrypted messages are out there? Messages always exists in a
context.
> But that's always the case. Encryption will *never* protect you
> against someone with enough money. So it's not cost-feasible to
> crack your 4096-bit key today? Fine. I save your traffic, then
> wait 10 years, or 20 years, or 50 years (there's plenty of traffic
> which will still have financial value if decoded 50 years from now.
> Think about, say, an email containing a trade secret like the
> formula of Coke). Moore's Law will have made it affordable for
> me to crack it then....
But encryption will protect you, regardless of how much money
someone has. That's the beauty of it. The secrets you have should be
protected to a reasonable extent against current and futuristic
technology. And the cost of protecting yourself against someone
with unlimited funds is now in everyone's reach. Most secrets are not
like the Coke example above, but are terribly topical to the events of
the day. Take, for example, the codes used in WW II, or a businessman
discussing an upcoming merger. Moore's Law is already approaching its
limitations. Brute forcing a 4096-bit key will require more than Moore.
> You can never get absolute protection, at least w/ current methods.
> You can only get "good enough" protection. And for most people and
> most data today, 1024 bits is still "good enough".
I am not sure I understand this argument. If all you want is
"good enough", why not go to a 56 bit key? Or one of the older
algorithms? After all, are they not "good enough" for most data? Even
if your data is not important today, what about tomorrow? Why wait for
the day when you need really good encryption?
When it all comes down to it, 1024 is probably still secure, but
there is no harm (and great future benefit), in going to 2048 or
4096 as your key size. Brute forcing is always the means of last
defense, as there are plenty of other ways for other people to
compromise your key, but it never hurts to make every link in
your chain as strong as possible.
--
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200301151042
-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html
iD8DBQE+JYLvvJuQZxSWSsgRAsWwAJ9WneWYwxhxdfo9WYj8iwWOQCZfoQCbBtaB
kst0lgkObY7IxE6cM+6YPXk=
=J8EZ
-----END PGP SIGNATURE-----
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list