Re: PGP: suggestions from the trench



> Taking all these factors into consideration, I would suggest that 
> the *minimum* size of the RSA modulus available for PGP is 1024 
> bits with a minimum ceiling of 2048 bits (or even more).  If for 
> performance reasons on certain platforms 1024 is deemed 
> impossibly slow, then a lesser number of bits ought to be 
> permitted *provided* that the security level for any key length 
> under, say, 768 bits is clearly labeled "TOY GRADE".

While I agree that keys of greater lengths ought to be made available for
those fortunate enough to possess platforms powerful enough to use them,
your choice of words--'TOY GRADE'--is, perhaps, unfortunate.  Every user
of PGP has different reasons for needing/wanting encryption, & not all users
need the sort of protection that can withstand a determined attack mustered
by cryptographic experts.  Some users, frankly, just don't like people
snooping into their private mail, & therefore use PGP encryption as an
'envelope'.  Sure, the 'envelope' can be 'steamed open', but it's not likely
to be worth the trouble if you have no major secrets to conceal...