[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A case for 2560 bit keys
On 8 Jul 96 at 23:09, David F. Ogren wrote:
[..]
> Despite the above, there are convincing arguments for longer RSA keys.
> Instead of asking "Why should we have longer keys?", perhaps we should be
> asking "Why _shouldn't_ we have longer keys?"
> In a hybrid cryptosystem such as PGP, very little of the computational
> process is consumed by RSA encryption. Only a tiny fraction of the message
> is RSA encrypted (the session key), and thus the time-critical operation is
> the symmetric crypto system (IDEA for PGP).
>
> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.
> Encrypt a file (preferably of a reasonable size) using both keys.
> Depending on the computer you are using, the time difference between the
> two keys will be a matter of few seconds or even a fraction of a second.
Depends on the computers one uses, and who you are computing with.
I've heard some horror stories of people using PGP modified to handle
4kbit or 8kbit keys on 286s that waited <i>days</i> to generate keys
and hours to sign or decrypt messages.
If you're exchanging messages with people using fast computers,
lerger key sizes are practical. Otherwise you need to take the issue
of key-size/speed tradoff seriously.
> It seems foolish that we use RSA keys that are less secure than our IDEA
> session keys. Our RSA keys are much more valuable than our session keys.
[..]
If very improved factoring methods are discovered, it might not
matter. If a new method of cryptanalysis against IDEA comes out,
that might make RSA key-sizes a non-issue.
AFAIK, PGPlib will support multiple public key and private key
algorithms.
Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 [email protected] (root@magneto)
AB1F4831 1993/05/10 Deranged Mutant <[email protected]>
Send a message with the subject "send pgp-key" for a copy of my key.