[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Use of large Keys
-----BEGIN PGP SIGNED MESSAGE-----
Roger Bryner said,
...You should always take some reasonable ammount of time(say 5
min) to encrypt your most sensitive messages, even if you have a
12 crays and a connection machene. The algorithim can be viewed
as giving you an economic advantage, and worying over spending
$.01 vs $.0001 is not just stingy, it is dangerous.
I disagree. The problem is not time to ENcrypt, which is not much
greater for large keys than small ones. This is because the ENcryption
exponent is usually a small number, like 17. The problem is the time
for your recipient to DEcrypt. On my 386/SX 16mz, DEcrypting a msg
with a 4096-bit key takes 5-10 minutes. I have a report that a
Pentium takes about 1.5 minutes. During that 5-10 minutes, many
recipients will not sit there watching grass grow, but will leave the
PC unattended to do something else. If during that time Janet Reno's
storm troopers break through the front door, your recipient may not
have time to power-off the PC and PGP will deliver your plaintext
message right into JR's hands! Thus in some cases use of a large key
can -reduce- security of your msg.
I haven't worked out the math, but I suspect that an 8000-bit key
is completely impractical for use on any desktop machine.
At this time, open use of a large key marks you as not using an MIT
version of PGP, thus making you a target of RSA. This is easily
avoided by exchanging large keys and messages encrypted with large
keys "inside an envelope" of 1024-bit key encryption.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLg6Mjd4nNf3ah8DHAQErZwP/RiKYC+iTX61iuNV/a8Ga1H3Cz1M/r1iL
0gYiHId1QckiKcWMt1f9XwbT4TpY9OWrVKb7wK1N94nKQq7T56eg/fuoEC4e2TlL
j5WXHX8S5SEUPWpTeU0V2XsnYeojsyBCHh8keVcDROr6nBZmxACmSxWEFMTjYfUf
3x8YdS2ThoE=
=0CI+
-----END PGP SIGNATURE-----
--
[email protected] (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca