Question about key size (Was: [ale] ALE PGP Keysigning Party Instructions)

greg at turnstep.com
Wed Jan 15 10:40:22 EST 2003



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message


> No, it *is* the point. Encryption's a pain. Keys are a pain. The 
> longer they are, the more painful they are. Going over 2048 bits 
> isn't supported by many common clients that end users use.

Really? What clients would this be?

> Longer keys are markedly slower (doesn't matter to you on your 
> desktop, but it does matter to me when I do email on my 
> Zaurus). etc.

I think you overstate the problems. Even a Zaurus should be able 
to handle >2048 without a problem. Using ElGamal keys, on the 
other hand, does produce a major slowdown, but that is an 
algorithm decision, not a key size one.

> 1. you don't encrypt something that's worth, say $1 million to 
> decrypt (amortizing $1 billion across 1000 compromises), so 
> you're not specifically targeted

That's the old "why use encryption if you have nothing to hide" 
argument. I don't know who is going to target me, or what I may 
need to use my encryption for in the future. My secrets are 
valuable to me, regardless of an external monetary value someone 
else may place on them, so I prefer to treat them all as important.

> #2 is the fax machine syndrome. Encryption's one of those things 
> that becomes more useful when more people adopt it, because your 
> specific encryption gets lost in the sea of everyone else's 
> encryption. For that to be true, you have to keep the cost of 
> entry low enough that people adopt it, which means you have to 
> keep the key sizes small enough that they will work with people's 
> software and hardware....

That's a ridiculous argument for small key sizes. First, >2048 is 
not an unreasonably large key size. Second, saying your "specific 
encryption gets lost in the sea" is beside the point. Use good 
encryption: the number of other people using it is irrelevant.
Do you think the NSA just randomly pulls encrypted messages out 
of the Internet to practice on? How can it matter how many 
other encrypted messages are out there? Messages always exist in a 
context.


> But that's always the case. Encryption will *never* protect you 
> against someone with enough money. So it's not cost-feasible to 
> crack your 4096-bit key today? Fine. I save your traffic, then 
> wait 10 years, or 20 years, or 50 years (there's plenty of traffic 
> which will still have financial value if decoded 50 years from now. 
> Think about, say, an email containing a trade secret like the 
> formula of Coke). Moore's Law will have made it affordable for 
> me to crack it then....

But encryption will protect you, regardless of how much money 
someone has. That's the beauty of it. The secrets you have should be 
protected to a reasonable extent against current and futuristic 
technology. And the cost of protecting yourself against someone 
with unlimited funds is now in everyone's reach. Most secrets are not 
like the Coke example above, but are terribly topical to the events of 
the day. Take, for example, the codes used in WW II, or a businessman 
discussing an upcoming merger. Moore's Law is already approaching its 
limitations. Brute forcing a 4096-bit key will require more than Moore.

> You can never get absolute protection, at least w/ current methods. 
> You can only get "good enough" protection. And for most people and 
> most data today, 1024 bits is still "good enough".

I am not sure I understand this argument. If all you want is 
"good enough", why not go to a 56 bit key? Or one of the older 
algorithms? After all, are they not "good enough" for most data? Even 
if your data is not important today, what about tomorrow? Why wait for 
the day when you need really good encryption?

When it all comes down to it, 1024 is probably still secure, but 
there is no harm (and great future benefit) in going to 2048 or 
4096 as your key size. Brute forcing is always the means of last 
defense, as there are plenty of other ways for other people to 
compromise your key, but it never hurts to make every link in 
your chain as strong as possible.


--
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200301151042

-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iD8DBQE+JYLvvJuQZxSWSsgRAsWwAJ9WneWYwxhxdfo9WYj8iwWOQCZfoQCbBtaB
kst0lgkObY7IxE6cM+6YPXk=
=J8EZ
-----END PGP SIGNATURE-----
