
Mailing List Archive: GnuPG: users

8192bit RSA keys

 

 



madduck at madduck

Jul 6, 2009, 1:21 AM

Post #1 of 16 (1960 views)
Permalink
8192bit RSA keys

Hey folks,

Two years ago, there was a thread on this list, in which RSA key
sizes >2048 were discussed [0]. In these two years, the crypto-world
has been shaken up a bit, and computers got yet a bit more powerful.

0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html

I am trying to decide whether I want to create myself a new RSA key
and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
to use the 8k variant, simply because I postulate that my machines
can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
I don't know if this makes sense in practice.

I understand RSA and I cannot imagine compatibility problems with
other implementations, but I'd still like to reopen the issue and
ask this list what they think about >2048bit keys, and 8192bit in
particular.

Thanks,

--
martin | http://madduck.net/ | http://two.sentenc.es/

the unix philosophy basically involves
giving you enough rope to hang yourself.
and then some more, just to be sure.

spamtraps: madduck.bogus [at] madduck
Attachments: digital_signature_gpg.asc (0.19 KB)


wk at gnupg

Jul 8, 2009, 3:54 AM

Post #2 of 16 (1912 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Mon, 6 Jul 2009 10:21, madduck [at] madduck said:

> ask this list what they think about >2048bit keys, and 8192bit in
                                                         ^^^^^^^

I see one eight miles high fence post with the rest of your area
protected by a tripwire.

My position on that topic should be well enough known.


Salam-Shalom,

Werner


--
Thoughts are free. Exceptions are regulated by a federal law.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Jul 8, 2009, 5:18 AM

Post #3 of 16 (1901 views)
Permalink
Re: 8192bit RSA keys [In reply to]

martin f krafft wrote:
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.

With respect to key sizes, nothing has changed since then.

IMO, keys larger than 2kbit have no practical purpose for >95% of users.
Keys larger than 4kbit have no practical purpose, period.





dshaw at jabberwocky

Jul 8, 2009, 10:36 AM

Post #4 of 16 (1898 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:

> Hey folks,
>
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.
>
> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
>
> I am trying to decide whether I want to create myself a new RSA key
> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
> to use the 8k variant, simply because I postulate that my machines
> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
> I don't know if this makes sense in practice.

It depends on what you're protecting against. For most common cases,
a 8192-bit RSA key is likely so vastly stronger than the rest of your
environment that a smart attacker wouldn't bother to attack it.
They'd just go after what they want via other attacks against you and/
or your environment. Mind you, the same thing is true for a 2048-bit
RSA key as well. (I'd wager that for many people, the same thing is
also true for a 512-bit RSA key). If you can get the same end result
with a smaller key, you need to ask yourself what the big key actually
buys you.

If you're looking for a more immediate reason, though, note that if
you make a RSA key larger than 2048 bits you can't use it with the
spiffy new OpenPGP smartcard.

David
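
To put rough numbers on the key sizes compared in this thread, the following is an added example, not part of any post and not GnuPG code. It evaluates the standard general number field sieve (GNFS) running-time formula with the o(1) term dropped, an assumption that makes the figures a rough scale rather than calibrated security levels; the function and constant names are illustrative.

```python
import math

# Key sizes (in bits) that come up in this thread.
THREAD_SIZES = (512, 2048, 3072, 4096, 8192)

# Constant in the GNFS heuristic running time
#   exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),  c = (64/9)^(1/3)
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits: int) -> float:
    """Return log2 of the GNFS estimate for factoring a modulus of this size.

    Assumption: the o(1) term of the asymptotic formula is dropped, so the
    value is a rough scale, not a calibrated security level.
    """
    if modulus_bits < 64:
        raise ValueError("the asymptotic formula is meaningless for tiny moduli")
    ln_n = modulus_bits * math.log(2)
    exponent = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def compare(sizes=THREAD_SIZES):
    """One row per key size: estimated work, and work per 1024 modulus bits."""
    rows = []
    for bits in sorted(sizes):
        work = gnfs_work_bits(bits)
        rows.append({
            "modulus_bits": bits,
            "work_bits": work,
            # How much estimated work each kilobit of key material buys.
            "work_per_kbit": work / (bits / 1024),
        })
    return rows


if __name__ == "__main__":
    print(f"{'modulus':>8} {'~work (bits)':>13} {'per kbit':>9}")
    for row in compare():
        print(f"{row['modulus_bits']:>8} {row['work_bits']:>13.1f} "
              f"{row['work_per_kbit']:>9.1f}")
```
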




jeandavid8 at verizon

Jul 8, 2009, 11:05 AM

Post #5 of 16 (1902 views)
Permalink
Re: 8192bit RSA keys [In reply to]


David Shaw wrote:
| On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:
|
|> Hey folks,
|>
|> Two years ago, there was a thread on this list, in which RSA key
|> sizes >2048 were discussed [0]. In these two years, the crypto-world
|> has been shaken up a bit, and computers got yet a bit more powerful.
|>
|> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
|>
|> I am trying to decide whether I want to create myself a new RSA key
|> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
|> to use the 8k variant, simply because I postulate that my machines
|> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
|> I don't know if this makes sense in practice.
|
| It depends on what you're protecting against. For most common cases,
| a 8192-bit RSA key is likely so vastly stronger than the rest of your
| environment that a smart attacker wouldn't bother to attack it.
| They'd just go after what they want via other attacks against you and/
| or your environment. Mind you, the same thing is true for a 2048-bit
| RSA key as well. (I'd wager that for many people, the same thing is
| also true for a 512-bit RSA key). If you can get the same end result
| with a smaller key, you need to ask yourself what the big key actually
| buys you.
|
| If you're looking for a more immediate reason, though, note that if
| you make a RSA key larger than 2048 bits you can't use it with the
| spiffy new OpenPGP smartcard.
|
Another reason is that even if increasing my key size to would increase my
security in some sense, I do not want my GPG security to be so strong that
the black hats would bypass it and torture the key out of me.

- --
~ .~. Jean-David Beyer Registered Linux User 85642.
~ /V\ PGP-Key: 9A2FC99A Registered Machine 241939.
~ /( )\ Shrewsbury, New Jersey http://counter.li.org
~ ^^-^^ 14:00:01 up 20 days, 49 min, 3 users, load average: 4.05, 4.34, 4.48



jmoore3rd at bellsouth

Jul 8, 2009, 12:55 PM

Post #6 of 16 (1895 views)
Permalink
Re: 8192bit RSA keys [In reply to]


Jean-David Beyer wrote:

> Another reason is that even if increasing my key size to would increase my
> security in some sense, I do not want my GPG security to be so strong that
> the black hats would bypass it and torture the key out of me.

Depending upon the sophistication of Your adversary, brute force may be
the 'method of choice' even if You were using ROT-13. :-D

JOHN ;)
Timestamp: Wednesday 08 Jul 2009, 15:55 --400 (Eastern Daylight Time)



dan at geer

Jul 8, 2009, 1:18 PM

Post #7 of 16 (1899 views)
Permalink
Re: 8192bit RSA keys [In reply to]

> It depends on what you're protecting against. For most common cases,
> a 8192-bit RSA key is likely so vastly stronger than the rest of your
> environment that a smart attacker wouldn't bother to attack it.
> They'd just go after what they want via other attacks against you and/
> or your environment. Mind you, the same thing is true for a 2048-bit
> RSA key as well. (I'd wager that for many people, the same thing is
> also true for a 512-bit RSA key).

What a great idea for a metric!

--dan




eocsor at gmail

Jul 9, 2009, 2:39 AM

Post #8 of 16 (1904 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Thu, Jul 9, 2009 at 3:36 AM, David Shaw<dshaw [at] jabberwocky> wrote:
...
> If you're looking for a more immediate reason, though, note that if you make
> a RSA key larger than 2048 bits you can't use it with the spiffy new OpenPGP
> smartcard.


Oh, something I've been for. Any more info? :)

-- Roscoe



dshaw at jabberwocky

Jul 9, 2009, 11:40 AM

Post #9 of 16 (1889 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Jul 9, 2009, at 5:39 AM, Roscoe wrote:

> On Thu, Jul 9, 2009 at 3:36 AM, David Shaw<dshaw [at] jabberwocky>
> wrote:
> ...
>> If you're looking for a more immediate reason, though, note that if
>> you make
>> a RSA key larger than 2048 bits you can't use it with the spiffy
>> new OpenPGP
>> smartcard.
>
>
> Oh, something I've been for. Any more info? :)

http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42

They say they have the new cards in stock now.

David




madduck at madduck

Jul 9, 2009, 12:32 PM

Post #10 of 16 (1829 views)
Permalink
Re: 8192bit RSA keys [In reply to]

thus spoke David Shaw <dshaw [at] jabberwocky> [2009.07.09.2040 +0200]:
> http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42
>
> They say they have the new cards in stock now.

So they say key length up to 3k. Does that affect key generation
only? If not, why wouldn't those cards be able to handle larger
keys?

--
martin | http://madduck.net/ | http://two.sentenc.es/

"with sufficient thrust, pigs fly just fine. however, this is not
necessarily a good idea. it is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead."
-- rfc 1925

spamtraps: madduck.bogus [at] madduck
Attachments: digital_signature_gpg.asc (0.19 KB)


joelcsalomon at gmail

Jul 9, 2009, 7:57 PM

Post #11 of 16 (1890 views)
Permalink
Re: 8192bit RSA keys [In reply to]

martin f krafft wrote:
> ... 8192bit [keys].

http://xkcd.com/538/

—Joel Salomon
Attachments: signature.asc (0.19 KB)


srivasta at ieee

Jul 9, 2009, 8:52 PM

Post #12 of 16 (1880 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Thu, Jul 09 2009, David Shaw wrote:

> On Jul 9, 2009, at 5:39 AM, Roscoe wrote:
>
>> On Thu, Jul 9, 2009 at 3:36 AM, David Shaw<dshaw [at] jabberwocky>
>> wrote:
>> ...
>>> If you're looking for a more immediate reason, though, note that if
>>> you make a RSA key larger than 2048 bits you can't use it with the
>>> spiffy new OpenPGP smartcard.

>> Oh, something I've been for. Any more info? :)
>
> http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42

According to that page, it supports 3072 bit keys (which I
understand is perhaps overkill).

> They say they have the new cards in stock now.

I just bought one :-)

I have a 4096 bit RSA key -- can I create 2048 or 3072 bit
subkeys and only copy these keys to the card? Or will the fact that the
primary key is 4096 bits stymie the operation?

manoj
--
Everything is for sale; only the price is negotiable.
Manoj Srivastava <srivasta [at] acm> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C




wk at gnupg

Jul 10, 2009, 12:13 AM

Post #13 of 16 (1891 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Fri, 10 Jul 2009 04:57, joelcsalomon [at] gmail said:
> martin f krafft wrote:
>> ... 8192bit [keys].
>
> http://xkcd.com/538/

No need to remember that URL; the online help tells you ;-)

What keysize do you want? (2048) ?
Enter the size of the key.

The suggested default is usually a good choice.

If you want to use a large key size, for example 4096 bit, please
think again whether it really makes sense for you. You may want
to view the web page http://www.xkcd.com/538/ .
What keysize do you want? (2048)




Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.




JPClizbe at tx

Jul 10, 2009, 1:12 AM

Post #14 of 16 (1889 views)
Permalink
Re: 8192bit RSA keys [In reply to]

Werner Koch wrote:
> On Fri, 10 Jul 2009 04:57, joelcsalomon [at] gmail said:
>> martin f krafft wrote:
>>> ... 8192bit [keys].
>>
>> http://xkcd.com/538/
>
> No need to remember that URL; the online help tells you ;-)
>


OK then. How about /this/ one to illustrate >= 8k RSA keys in practical
terms?

http://failblog.org/2009/05/22/security-fail-5/


--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
Attachments: signature.asc (0.66 KB)


wk at gnupg

Jul 10, 2009, 6:32 AM

Post #15 of 16 (1875 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Fri, 10 Jul 2009 05:52, srivasta [at] ieee said:

> I have a 4096 bit RSA key -- can I create 2048 or 3072 bit

4096 is in fact also supported but that would require major changes in
GnuPG, thus this published limit of 3072

> subkeys and only copy these keys to the card? Or will the fact that the
> primary key is 4096 bits stymie the operation?

That works.

However, 3072 bit signing had another bug which I fixed this morning.
Thus you need to use the latest SVN.


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.




srivasta at ieee

Jul 25, 2009, 11:38 PM

Post #16 of 16 (1599 views)
Permalink
Re: 8192bit RSA keys [In reply to]

On Fri, Jul 10 2009, Werner Koch wrote:

> On Fri, 10 Jul 2009 05:52, srivasta [at] ieee said:
>
>> I have a 4096 bit RSA key -- can I create 2048 or 3072 bit
>
> 4096 is in fact also supported but that would require major changes in
> GnuPG, thus this published limit of 3072
>
>> subkeys and only copy these keys to the card? Or will the fact that the
>> primary key is 4096 bits stymie the operation?
>
> That works.
>
> However, 3072 bit signing had another bug which I fixed this morning.
> Thus you need to use the latest SVN.

I can report that 2048 bit RSA subkeys can be generated on the
machine, transferred to the version 2 card, and they work.

However, working with gnupg2 from Thursday VCS, 3072 bit keys
can be created, transferred to the card, and may encrypt files, but
decrypting the file failed with a cryptic "card error".

I am now happy with my 2048 bit keys :-)

manoj
--
UNIX was half a billion (500000000) seconds old on Tue Nov 5 00:53:20
1985 GMT (measuring since the time(2) epoch). -- Andy Tannenbaum
Manoj Srivastava <srivasta [at] acm> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
