[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving from 1024-bit -> 2048-bit key.



I am wondering if going to 2048 bits is worth it or not.  After a certain
point, it doesn't matter whether it takes 200 quadrillion years or 200
decillion years to factor a key, it will be a long time before its
factored ;-).

Perhaps keep your 1024 bit key, unless you want to expire it and generate
a new one.  (I did that, expired two keys, replaced them with a 2048
bit key, but realize that a 2048 bit key takes somewhat more time and
processing power to do the usual PGP hijinks with.  I probably would
be better off just using a 1500 bit key, but too late now...)

Just remember (so your web of trust stays intact) to sign your new key
and use your new key to sign your old one before revoking the old key.
This confirms that it IS a new key, rather than someone trying to
spoof you.  Also, keep a backup of your public and secret keyrings
before revoking the old key.  This is just common sense.  Make sure
your backup is secure, though.  (I PKZIP my PGP stuff, encrypt it several
times with convential key encryption, wnstorm it, THEN lastly use
Norton Diskreet with a password that is different from all the rest.
If Diskreet is not secure, PGP and wnstorm are, so I don't really care
if Diskreet has holes in it or not.  Its just there to 'spice things up'
for anyone trying to crack the backup, which is stored in a place any party I 
authorize or I can easily get at it.  If anyone sees something weak 
about this, E-mail me... ;-)

The main thing is not to go keysize crazy which I did, as you do
pay a performance penalty for those huge keys, and make sure that
your other avenues of attack are defended against.  (As soon as
I can, I am buying a portable 486 or Pentium, since my main weakness
is a 'black bag' attack using a good keystroke monitor or a hardware
bug, then a simple copy of the secring file when I mount my SecureDrive
partion and the Stacker partition inside of that to access my PGP
stuff.)


-------------------------------------------------------------------------
To find out more about the anon service, send mail to [email protected].
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected].