
Mailing List Archive: GnuPG: users

Some people say longer keys are silly. I think they should be supported by gpg.

 

 



tim.kachao at gmail

May 22, 2012, 1:58 AM

Post #1 of 45 (1082 views)
Some people say longer keys are silly. I think they should be supported by gpg.

I think it should be okay to dredge up this topic every couple years. From
what I am reading, links below, I do not feel comfortable with the key
length and algorithmic security offered by GPG's defaults.

I have not been able to figure out how to get keylengths greater than 3072
for DSA/Elgamal or >4094 RSA, so I conclude that generating them is
unsupported by GPG although GPG can use them. I have seen many people
saying that these types of key lengths are way more than anyone could
reasonably need, but I am skeptical.

I am involved in a local Occupy (bet you thought occupy was kaput eh? well
as it were known it is but that's another story) and frankly we aren't
just up against one intelligence agency, but all intel agencies put
together. An entire global class of people. You can argue that they may
be uninterested in me, however I don't buy that argument at all because
they have spent (possibly a lot) more than a thousand dollars at least on
me personally at this point I am sure in policing costs to try to
surveil and intimidate me, after you divide down.

The eviction alone at my occupy cost (probably greatly) in excess of
$16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.
There are also estimates made that in the US 1 in 6 "protestors" is
actually a government agent of one sort or another, dept of defense,
homeland security, fbi what have you. And that excludes any thugs the
bankers put in the crowd as privately hired types.

Secondly I want my communications to remain unread into the relatively
distant future. Given the sort of crap the 1% do wrt murdering and
maiming vast quantities of people for a couple extra bucks I would not be
the least bit surprised if 20 years from now they "disappeared" me
because I passed out some pamphlets that said "end class war now".

An enemy is an enemy, and enemies must be smooshed, right? Why take risks
like letting an innocent person live if they might conceivably scratch
your gravy train at some point in the future? Abductions and bullets
aren't that expensive once you got everything all set up, it's a good
investment.


I'm 23 now and I take various modest precautions to ensure that I have the
best chance I can to remain in good health when I am 43. Or 63. A couple
hundred extra milliseconds of decryption/encryption time per message for
a key longer than 3072 or 4092 sounds like a good choice frankly. Is
that not what we are looking at?

And yes I recognize that it would be a lot easier for them to plant spyware
on my computers than break the keys, however they can't plant spyware on
everyone's computer without people noticing. They do slurp up and
probably store indefinitely all text -and many other- communications on
the internet (carnivore etc.). In the future, data they don't have they
can't use. There is always a substantial probability that they will not
get my keys with spyware, and I would like to capitalize (If you'll pardon
me) on that.

Fourthly a little safety margin never hurt.

I think it should be easier to pick longer keys. Also info should be
included in the compendium regarding practical aspects of key choice,
like a table that shows how long it takes to encrypt a symmetric key with
2048, 4092 etc. Or even just a table in which you select your
adversary, then your time horizon, and it tells you what key lengths are
suitable, with due warnings and notes regarding the possibility of
quantum computers, mathematical advances etc.

I understand that no matter how long the keys are it's still only a
relatively small part of the equation. However I thought it was the norm
to pick something that basically eliminated concern about the encryption
being broken, so one could forget about that part and focus on the
rest of your security worries.

My trust in GPG has been disturbed by this state of affairs. I thought I
could just trust the defaults but I am finding that they may not really
include the safety margin that people desire. I shudder to think of
people who are doing more serious stuff in the class war than little ol'
me (which isn't hard).

Links:
http://en.wikipedia.org/wiki/RSA_%28algorithm%29
-http://www.schneier.com/essay-368.html < note that this was written in 1998
http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes
it clear that it is not unreasonable for someone in my position to choose
a 4096 bit key.


http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government
requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit
RSA or elGamal key is about equivalent to 128 bit symmetric key, right?
And a 256 bit key length equivalent public key is about 15,387 bits. I
think if people want to use the same level of encryption for their data
that the government uses shouldn't that be supported at least in command
line mode?
http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies
in computation and cost of public key vs. symmetric.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users
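
The equivalence figures raised in the post above (a 3072-bit RSA key against a 128-bit symmetric key, and roughly 15,000 bits for 256) can be reproduced with a number-field-sieve work-factor estimate. This is an added example, not part of any post in the thread; it assumes the GNFS-based formula given in NIST's FIPS 140-2 Implementation Guidance, and the function names are illustrative.

```python
"""Added example: RSA modulus size vs. estimated symmetric-equivalent strength."""
import math


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimate the symmetric-equivalent strength of an RSA modulus.

    Assumption: the GNFS running-time estimate as written in NIST's
    FIPS 140-2 Implementation Guidance:
        x = (1.923 * cbrt(L ln 2) * cbrt(ln(L ln 2)^2) - 4.69) / ln 2
    where L is the modulus length in bits.
    """
    n_ln = modulus_bits * math.log(2)
    work = 1.923 * n_ln ** (1 / 3) * math.log(n_ln) ** (2 / 3) - 4.69
    return work / math.log(2)


def modulus_bits_for(target_bits: float, lo: int = 512, hi: int = 65536) -> int:
    """Smallest modulus size whose estimated strength reaches target_bits.

    The estimate grows monotonically with the modulus size, so a binary
    search over [lo, hi] is enough.
    """
    if rsa_strength_bits(hi) < target_bits:
        raise ValueError("target strength is outside the searched range")
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def strength_table(sizes=(1024, 2048, 3072, 4096, 8192, 15360)):
    """Rows of (modulus bits, estimated strength, gain over previous row)."""
    rows = []
    previous = None
    for bits in sizes:
        strength = rsa_strength_bits(bits)
        gain = None if previous is None else strength - previous
        rows.append((bits, round(strength, 1),
                     None if gain is None else round(gain, 1)))
        previous = strength
    return rows


if __name__ == "__main__":
    print(f"{'modulus':>8} {'strength':>9} {'gain':>6}")
    for bits, strength, gain in strength_table():
        gain_text = "" if gain is None else f"+{gain}"
        print(f"{bits:>8} {strength:>9} {gain_text:>6}")
    for target in (128, 192, 256):
        print(f"{target}-bit equivalent needs about "
              f"{modulus_bits_for(target)} modulus bits")
```

On this estimate, doubling the modulus from 2048 to 4096 bits adds about 40 bits of strength, so the gain per extra modulus bit shrinks as keys grow.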


jerry at seibercom

May 22, 2012, 5:12 AM

Post #2 of 45 (1068 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On Tue, 22 May 2012 04:58:48 -0400
tim.kachao [at] gmail articulated:

{snip}

<sarcasm>

Interesting! I once worked for a secret government agency. We had a
working theory that anyone using encryption for other than normal
business operations was an obvious enemy of the state. I guess we must
have missed you. We will be coming soon.

</sarcasm>

Seriously, have you forgotten to take your meds today?

--
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

"if all you have is a hammer, everything looks like a nail"



david at gbenet

May 22, 2012, 5:34 AM

Post #3 of 45 (1062 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 22/05/12 09:58, tim.kachao [at] gmail wrote:
> I think it should be okay to dredge up this topic every couple years. From
> what I am reading, links below, I do not feel comfortable with the key
> length and algorithmic security offered by GPG's defaults.
>
> I have not been able to figure out how to get keylengths greater than 3072
> for DSA/Elgamal or >4094 RSA, so I conclude that generating them is
> unsupported by GPG although GPG can use them. I have seen many people
> saying that these types of key lengths are way more than anyone could
> reasonably need, but I am skeptical.
>
> I am involved in a local Occupy (bet you thought occupy was kaput eh? well
> as it were known it is but that's another story) and frankly we aren't
> just up against one intelligence agency, but all intel agencies put
> together. An entire global class of people. You can argue that they may
> be uninterested in me, however I don't buy that argument at all because
> they have spent (possibly a lot) more than a thousand dollars at least on
> me personally at this point I am sure in policing costs to try to
> surveil and intimidate me, after you divide down.
>
> The eviction alone at my occupy cost (probably greatly) in excess of
> $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.
> There are also estimates made that in the US 1 in 6 "protestors" is
> actually a government agent of one sort or another, dept of defense,
> homeland security, fbi what have you. And that excludes any thugs the
> bankers put in the crowd as privately hired types.
>
> Secondly I want my communications to remain unread into the relatively
> distant future. Given the sort of crap the 1% do wrt murdering and
> maiming vast quantities of people for a couple extra bucks I would not be
> the least bit surprised if 20 years from now they "disappeared" me
> because I passed out some pamphlets that said "end class war now".
>
> An enemy is an enemy, and enemies must be smooshed, right? Why take risks
> like letting an innocent person live if they might conceivably scratch
> your gravy train at some point in the future? Abductions and bullets
> aren't that expensive once you got everything all set up, it's a good
> investment.
>
>
> I'm 23 now and I take various modest precautions to ensure that I have the
> best chance I can to remain in good health when I am 43. Or 63. A couple
> hundred extra milliseconds of decryption/encryption time per message for
> a key longer than 3072 or 4092 sounds like a good choice frankly. Is
> that not what we are looking at?
>
> And yes I recognize that it would be a lot easier for them to plant spyware
> on my computers than break the keys, however they can't plant spyware on
> everyone's computer without people noticing. They do slurp up and
> probably store indefinitely all text -and many other- communications on
> the internet (carnivore etc.). In the future, data they don't have they
> can't use. There is always a substantial probability that they will not
> get my keys with spyware, and I would like to capitalize (If you'll pardon
> me) on that.
>
> Fourthly a little safety margin never hurt.
>
> I think it should be easier to pick longer keys. Also info should be
> included in the compendium regarding practical aspects of key choice,
> like a table that shows how long it takes to encrypt a symmetric key with
> 2048, 4092 etc. Or even just a table in which you select your
> adversary, then your time horizon, and it tells you what key lengths are
> suitable, with due warnings and notes regarding the possibility of
> quantum computers, mathematical advances etc.
>
> I understand that no matter how long the keys are it's still only a
> relatively small part of the equation. However I thought it was the norm
> to pick something that basically eliminated concern about the encryption
> being broken, so one could forget about that part and focus on the
> rest of your security worries.
>
> My trust in GPG has been disturbed by this state of affairs. I thought I
> could just trust the defaults but I am finding that they may not really
> include the safety margin that people desire. I shudder to think of
> people who are doing more serious stuff in the class war than little ol'
> me (which isn't hard).
>
> Links:
> http://en.wikipedia.org/wiki/RSA_%28algorithm%29
> -http://www.schneier.com/essay-368.html < note that this was written in 1998
> http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes
> it clear that it is not unreasonable for someone in my position to choose
> a 4096 bit key.
>
>
> http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government
> requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit
> RSA or elGamal key is about equivalent to 128 bit symmetric key, right?
> And a 256 bit key length equivalent public key is about 15,387 bits. I
> think if people want to use the same level of encryption for their data
> that the government uses shouldn't that be supported at least in command
> line mode?
> http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies
> in computation and cost of public key vs. symmetric.
>
Some say that all the power of the universe - and all the time it's been in existence will
not crack a 2048 bit key with a secure passphrase. So by the time the universe is well and
truly over and some poor sod of a government agent is alive and well he will not have
cracked yer e-mails or indeed any encrypted data. Can you imagine that power from a
computer? No. The mind boggles at the energy it would consume - a million million million ad
infinitum suns.

But the "key" to all this is them holding your private key - it would be quicker and a lot
simpler to crush your balls with a pair of pliers - you will give up your most treasured
possession - your passphrase. This is the meaning of brute force attacks on your key.

The strength of your passphrase is critical - alphanumerics take the whole universe to crack
whereas a phrase like:

"marymary&%/*had*)/+a:+=little$£"KL$Donkey#*hadxxxabad%$*JHGbadIUNG6**leg^)andalways@#][a\|little-0UHKTwalkedUKL:@?^wonkey


is a good key - it will last you forever - if you can stand having your balls crushed. So the
best form of security would be to invest in a sturdy steel codpiece and a long passphrase.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com


rjh at sixdemonbag

May 22, 2012, 6:23 AM

Post #4 of 45 (1068 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 5/22/12 8:12 AM, Jerry wrote:
> Seriously, have you forgotten to take your meds today?

Let's not be mean.

I will be the absolute first person demanding the right to criticize
ideas as harshly as I want. I'll happily call an idea stupid,
ill-informed, wrong, or anything else. I do this with a clear
conscience because I know that I'm not my ideas, just like nobody else
is theirs.

But I don't ever want to be the first person to be calling *people*
those things. People are special, precious, and often fragile. Our
community is made up of these rare commodities, and it behooves us to
treat other people with dignity and respect and consideration.

Let's not be mean.





david at gbenet

May 22, 2012, 6:36 AM

Post #5 of 45 (1067 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 22/05/12 13:12, Jerry wrote:
> On Tue, 22 May 2012 04:58:48 -0400 tim.kachao [at] gmail articulated:
>
> {snip}
>
> <sarcasm>
>
> Interesting! I once worked for a secret government agency. We had a working theory that
> anyone using encryption for other than normal business operations was an obvious enemy
> of the state. I guess we must have missed you. We will be coming soon.
>
> </sarcasm>
>
> Seriously, have you forgotten to take your meds today?
>

Knock! Knock!

I think that here in the UK the intelligence services have always considered that the real
enemy of the state was the people!

I take a dispersible Aspirin every day - keeps the "spooks" away! Ha!

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com


christoph.anton.mitterer at physik

May 22, 2012, 6:39 AM

Post #6 of 45 (1067 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

Hi.

This pops up over and over again...

From a technical point of view that seems to be not only an intended
limitation,... at least it's not enough to change the max size in the
code,... there seem to be several buffers one would need to enlarge in
order to make bigger keys.

Personally I'd prefer if gpg wouldn't have that limitation.

I know all the arguments against larger keys.... which is why I'd
suggest to enable larger sizes only when --expert is given and even then
warn.


Most people will get quickly distracted from large key sizes anyway when
they see how long their generation takes ;)


Nevertheless I guess it could even help to find awkward bugs or other
issues that may not appear with the "moderate" key sizes.



Cheers,
Chris.




rjh at sixdemonbag

May 22, 2012, 6:51 AM

Post #7 of 45 (1071 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 5/22/12 4:58 AM, tim.kachao [at] gmail wrote:
> I am involved in a local Occupy (bet you thought occupy was kaput eh?
> well as it were known it is but that's another story) and frankly we
> aren't just up against one intelligence agency, but all intel
> agencies put together.

You might want to re-think talking about this in a public forum. This
mailing list is open to everyone, including the very people you're
talking about. The first rule of good operational security is, "don't
draw attention to yourself or your organization."

> Secondly I want my communications to remain unread into the
> relatively distant future.

A 3072-bit key will do that today. Breaking a 3K key would require such
technological advances that it would be indistinguishable from science
fiction. There's no point in going past a 3K key because if a 3K key
were to ever fall we'd have to reconsider the mathematical foundations
of cryptography.

> I'm 23 now and I take various modest precautions to ensure that I
> have the best chance I can to remain in good health when I am 43. Or
> 63. A couple hundred extra milliseconds of decryption/encryption
> time per message for a key longer than 3072 or 4092 sounds like a
> good choice frankly. Is that not what we are looking at?

No, it's not.

Imagine an automobile. You might say, "well, I'd like an additional
hundred horsepower so I want to put a V-8 engine in my automobile: why
doesn't my automobile support this?" But if your car is a Fiat 500,
well, there's simply not the room for such a large engine, nor is the
transmission or powertrain ready for that. For that matter, even the
wheels would have to be redesigned: sustained high-speed driving on your
average Goodyears will cause them to delaminate and come apart, so you'd
need H-rated sport wheels or Pirelli PZero Neros.

Changing one component requires changes to a lot of other components.
That's what we're facing with changing the maximum key length. The
mobile experience would be impacted, the embedded market would be
impacted, and even interoperability with other OpenPGP applications
would be impacted (since as far as I know none of them save for PGP
6.5.8ckt support such large keys).

It's all right to ask for larger keys to be supported, but there are
tradeoffs to be made here.

> Fourthly a little safety margin never hurt.

That safety margin is already present.

> I understand that no matter how long the keys are it's still only a
> relatively small part of the equation. However I thought it was the
> norm to pick something that basically eliminated concern about the
> encryption being broken, so one could forget about that part and
> focus on the rest of your security worries.

Yes, and 128-bit crypto is plenty sufficient for that.

> http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S.
> Government requires 192 or 256-bit AES keys for highly sensitive
> data.

Quoting from that page, "128 bits is currently thought, by many
observers, to be sufficient for the foreseeable future."

The Wikipedia page is also in error. Per the publicly-available NSA
Suite B documents, AES128 is considered sufficient for SECRET data.
There is no AES192 requirement in Suite B.



wk at gnupg

May 22, 2012, 8:50 AM

Post #8 of 45 (1070 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On Tue, 22 May 2012 10:58, tim.kachao [at] gmail said:

> on my computers than break the keys, however they can't plant spyware on
> everyone's computer without people noticing. They do slurp up and

Are you sure? Did you look at the GnuPG code so closely to come up
with such a strong statement? I should feel honored that you put that
much trust into us GnuPG authors and the few white hats who closely
reviewed the code. However there is more to it than GnuPG. Do you put
the same trust into the gcc and glibc maintainers, Linux kernel hackers,
the Windows hackers at Microsoft and elsewhere, the hardware guys at
Intel or AMD, the support chip vendors? There are a lot of ways to
compromise a system, hidden backdoors in other systems have already been
revealed in the past.

> 2048, 4092 etc. Or even just a table in which you select your
> adversary, then your time horizon, and it tells you what key lengths are
> suitable, with due warnings and notes regarding the possibility of

Any such table would to some extent be the result of applying black
magic. GnuPG is just a tool and not a cover all security solution. For
such a solution you need to come up with a threat analysis, evaluate
countermeasures, policies, training, more software, and likely
additional hardware (walls, locks, barbed wire).

> to pick something that basically eliminated concern about the encryption
> being broken, so one could forget about that part and focus on the
> rest of your security worries.

Right, we are doing just that. As of now 2048 bit RSA is a pretty good
default. Before you use a longer key, my suggestion would be to first
install a random generator which holds up with such a key.

> http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies
> in computation and cost of public key vs. symmetric.

That is pure cryptography and as such a good hint on how to select
defaults for a general purposes system - but not an absolute truth.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.




peter at digitalbrains

May 22, 2012, 8:50 AM

Post #9 of 45 (1063 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 22/05/12 15:39, Christoph Anton Mitterer wrote:
> Nevertheless I guess it could even help to find awkward bugs or other
> issues that may not appear with the "moderate" key sizes.

Or bugs only affecting large keys are not found because so few people use it,
and it becomes an attack vector affecting only those using large keys.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



rjh at sixdemonbag

May 22, 2012, 9:28 AM

Post #10 of 45 (1067 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 5/22/12 11:50 AM, Werner Koch wrote:
> There are a lot of ways to compromise a system, hidden backdoors in
> other systems have already been revealed in the past.

It's worth bringing out Vint Cerf's estimate that between a sixth and a
quarter of all desktop PCs have been completely compromised and are
under the control of botnet operators [1]. That was from five years
ago: the numbers are probably worse today.

And that only covers people targeted randomly! For those people
unfortunate enough to be targeted for surveillance by an even
semi-competent crew, it's far worse. Your front door is no obstacle to
someone who's learned how to pick a lock -- or someone smart enough to
look around for a fake plastic rock nearby in which you've placed your
backup key. I have no doubt whatsoever that a good crew could gain
access, enter, compromise the target's PC and be out of there in under
five minutes without the target ever knowing about it.

So, yes. If anyone is the target of a serious surveillance campaign
(legal or extralegal, state actors or non-state actors, whatever),
well... you have your work cut out for you defending against that.
GnuPG will not save you, not even with a 16K keypair.



rjh at sixdemonbag

May 22, 2012, 9:30 AM

Post #11 of 45 (1063 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On 5/22/12 12:28 PM, Robert J. Hansen wrote:
> under the control of botnet operators [1].

Whoops.

[1] http://news.bbc.co.uk/2/hi/business/6298641.stm



jerry at seibercom

May 22, 2012, 9:33 AM

Post #12 of 45 (1067 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

On Tue, 22 May 2012 09:23:36 -0400
Robert J. Hansen articulated:

>On 5/22/12 8:12 AM, Jerry wrote:
>> Seriously, have you forgotten to take your meds today?
>
>Let's not be mean.
>
>I will be the absolute first person demanding the right to criticize
>ideas as harshly as I want. I'll happily call an idea stupid,
>ill-informed, wrong, or anything else. I do this with a clear
>conscience because I know that I'm not my ideas, just like nobody else
>is theirs.
>
>But I don't ever want to be the first person to be calling *people*
>those things. People are special, precious, and often fragile. Our
>community is made up of these rare commodities, and it behooves us to
>treat other people with dignity and respect and consideration.
>
>Let's not be mean.

Sorry, I did not mean it to sound that way. I have worked with people
that when they forget to take their medication are absolutely paranoid
beyond belief. You have no doubt heard the phrase, "Only sick people
take drugs; therefore, if I don't take drugs I am not sick." Many
paranoid, schizophrenics rationalize skipping their medication on just
that sort of logic. What really amazed me though was that the OP wants
security and yet he uses GMail. "GMail" and "security" are
diametrically opposed concepts.

Now if you will excuse me, I have to put new aluminum foil up on my
windows.

--
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



rjh at sixdemonbag

May 22, 2012, 10:10 AM

Post #13 of 45 (1064 views)
Re: Some people say longer keys are silly. I think they should be supported by gpg.

I apologize in advance if any of this sounds snarky. It's not intended
as such. Everything I've written here is sincere.

> I am involved in a local Occupy (bet you thought occupy was kaput eh? well
> as it were known it is but that's another story) and frankly we aren't
> just up against one intelligence agency, but all intel agencies put
> together.

Did you know that in the United States, the Fish and Wildlife Service is
an intelligence agency? Check their jobs postings and you'll see a good
number of them say a security clearance is required.

Your claim may lead people to writing off your movement on the grounds
that one of two things are true. Either:

- "They're a bunch of crazies who think that even the park
rangers are after them,"
- Or, "holy Toledo, even the park rangers are after them!"

It seems unlikely to me that either one will engender much support. If
people think the former, then the movement is crazy and can be written
off. If people think the latter, then it's incredibly dangerous to
stand too close to you and no one will show up to your protests.

> There are also estimates made that in the US 1 in 6 "protestors" is
> actually a government agent of one sort or another, dept of defense,
> homeland security, fbi what have you.

Not even Nicolae Ceausescu's Romania or Erich Honecker's German
Democratic Republic were able to get one in six people to serve as
informers.

> I'm 23 now and I take various modest precautions to ensure that I have the
> best chance I can to remain in good health when I am 43. Or 63. A couple
> hundred extra milliseconds of decryption/encryption time per message for
> a key longer than 3072 or 4092 sounds like a good choice frankly. Is
> that not what we are looking at?

No, it's not what we're looking at.

If we take you seriously, if we really believe what you say, then what
we're looking at is:

- If we help you, we're likely going to get "disappeared",
either now or in twenty years
- Your group is completely penetrated/compromised
- Your group has no effective methods of policing itself
to detect and expel infiltrators
- There's an excellent chance *you yourself* are a mole.
After all, there's no better way to deflect suspicion than
to be looking for moles -- ask Aldrich Ames or Robert Hanssen
- And yet, you believe that if GnuPG supports larger key
sizes that your security will be substantially improved.

> Fourthly a little safety margin never hurt.

If what you say is true, then just by coming onto this list and asking
for help you have put everyone on this list in jeopardy. Your obsession
with a "little safety margin" seems rather hypocritical.

There are really only two possibilities here. Either your claims are
substantially true, or they are substantially false. I believe they are
substantially false, and I encourage you to re-think them. A correct
estimation of your situation and what sorts of security threats you're
facing will do you infinitely more good than a larger GnuPG key.

And with that, I'm done with this thread. I wish you luck.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


hka at qbs

May 22, 2012, 10:18 AM

Post #14 of 45 (1061 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On Tuesday 22 of May 2012 12:33:03 Jerry wrote:
> What really amazed me though was that the OP wants
> security and yet he uses GMail. "GMail" and "security" are
> diametrically opposed concepts.

Since when is the security of encryption dependent on the
carrier/communication channel?

Did I miss some memo?

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerw 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl



hka at qbs

May 22, 2012, 10:23 AM

Post #15 of 45 (1061 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On Tuesday 22 of May 2012 13:34:20 david [at] gbenet wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 22/05/12 09:58, tim.kachao [at] gmail wrote:
> > I think it should be okay to dredge up this topic ever couple years.
> > From what I am reading, links below, I do not feel comfortable with
> > the key length and algorithmic security offered by GPG's defaults.
> >
> > I have not been able to figure out how to get keylengths greater than
> > 3072 for DSA/elgmal or >4094 rsa, so I conclude that generating them is
> > unsupported by GPG although GPG can use them. I have seen many people
> > saying that these types of key lengths are way more than anyone could
> > reasonably need, but I am skeptical.
> >
> > I am involved in a local Occupy (bet you thought occupy was kaput eh?
> > well as it were known it is but that's another story) and frankly we
> > aren't just up against one intelligence agency, but all intel agencies
> > put together. An entire global class of people. You can argue that
> > they may be uninterested in me, however I don't buy that argument at
> > all because they have spent (possibly a lot) more than a thousand
> > dollars at least on me personally at this point I am sure in policing
> > costs to try to survielle and intimidate me, after you divide down.
> >
> > The eviction alone at my occupy cost (probably greatly) in excess of
> >
> > $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.
> > There are also estimates made that in the US 1 in 6 "protestors" is
> > actually a government agent of one sort or another, dept of defense,
> > homeland security, fbi what have you. And that exludes any thugs the
> > bankers put in the crowd as privately hired types.
> >
> > Secondly I want my communications to remain unread into the relatively
> > distant future. Given the sort of crap the 1% do wrt murdering and
> > maiming vast quantites of people for a couple extra bucks I would not be
> > the least bit surprised if 20 years from now they "dissapeared" me
> > because I passed our some pamphlets that said "end class war now".
> >
> > An enemy is an enemy, and enemies must be smooshed, right? Why take
> > risks>
> > like letting an innocent person live if they might concievable scratch
> > your gravy train at some point in the future? Abductions and bullets
> > aren't that expensive once you got everything all set up, it's a good
> > investement.
> >
> >
> > I'm 23 now and I take various modest precautions to ensure that I have
> > the best chance I can to remain in good health when I am 43. Or 63. A
> > couple hundred extra milliseconds of decryption/encryption time per
> > message for a key longer than 3072 or 4092 sounds like a good choice
> > frankly. Is that not what we are looking at?
> >
> > And yes I recognize that it would be a lot easier for them to plant
> > spyware on my computers than break the keys, however they can't plant
> > spyware on everone's computer. without people noticing They do slurp
> > up and probably store indefinitely all text -and many other-
> > communications on the internet (carnivore etc.). In the future, data
> > they don't have they can't use. There is always a substantial
> > probability that they will not get my keys with spyware, and I would
> > like capitalize (If you'll pardon me) on that.
> >
> > Fourthly a little safety margin never hurt.
> >
> > I think it should be easier to pick longer keys. Also info should be
> > included in the compendium regarding practical aspects of key choice,
> > like a table that shows how long it takes to encrypt a symmetric key
> > with
> > 2048, 4092 etc. Or event just a table in which you select your
> > adversary, then your time horizon, and it tells you what key lengths are
> > suitable, with due warnings and notes regarding the possibility of
> > quantum computers, mathematical advances etc.
> >
> > I understand that no matter how long the keys are it's still only a
> > relatively small part of the equation. However I thought it was the
> > norm
> > to pick something that basically eliminated concern about the encryption
> > being broken, so one could forget about that part and focus on the
> > rest.of your security worries.
> >
> > My trust in GPG has been disturbed by this state of affairs. I thought
> > I
> > could just trust the defaults but I am finding that they may not really
> > include the safety margin that people desire. I shudder to think of
> > people who are doing more serious stuff in the class war than little ol'
> > me (which isn't hard).
> >
> > Links:
> > http://en.wikipedia.org/wiki/RSA_%28algorithm%29
> > -http://www.schneier.com/essay-368.html < note that this was written in
> > 1998 http://www.rsa.com/rsalabs/node.asp?id=2004 this one in
> > particular makes it clear that it is not unreasonable for someone in my
> > position to choose a 4096 bit key.
> >
> >
> > http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S.
> > Government requires 192 or 256-bit AES keys for highly sensitive data.
> > A 3072 bit RSA or elGamal key is about equivalent to 128 bit symmetric
> > key, right? And a 256 bit key length equivalent public key is abut
> > 15,387 bits.. I think if people want to use the same level of
> > encryption for their data that the government uses shouldn't that be
> > supported at least in command line mode?
> > http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on
> > equivalencies
> > in computation and cost of public key vs. symmetric.
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users [at] gnupg
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
> Some say that all the power of the universe - and all the time its been in
> existence will not crack a 2048 bit key with a secure passphrase. So by
> the time the universe is well and truly over and some poor sod of a
> government agent is alive and well he will not have cracked yer e-mails
> or indeed any encrypted data. Can you imagine that power from a computer?
> No. The mind boggles at the energy it would consume - a million million
> million ad infinitum suns.
>
> But they "key" to all this is them holding your private key - it would be
> quicker and a lot simpler to crush your balls with a pair of pliers - you
> will give up your most treasured possession - your passphrase. This is
> the meaning of brute force attacks on your key.
>
> The strength of your passphrase is critical alpha numerics take the whole
> universe to crack where as a phrase like:
>
> "marymary&%/*had*)/+a:+=little$"KL$Donkey#*hadxxxabad%$*JHGbadIUNG6**leg^
> )andalways@#][a\|little-0UHKTwalkedUKL:@?^wonkey
>
>
> is a good key it will last you forever - if you can stand having your
> balls crushed. So the best form of security would be to invest in a
> sturdy steel codpiece and a long passphrase.
>
> David

"everything that could be invented has been invented"

"640k ought to be enough for anybody"

Do we really have to repeat the history?

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerw 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl



christoph.anton.mitterer at physik

May 22, 2012, 10:34 AM

Post #16 of 45 (1071 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On Tue, 2012-05-22 at 17:50 +0200, Peter Lebbing wrote:
> Or bugs only affecting large keys are not found because so few people use it,
> and it becomes an attack vector affecting only those using large keys.
While this could happen, I'd guess it would be rather vice versa....

And eventually larger key sizes may become common (as it always happened
so far) and then we'd stumble across such problems anyway... better now,
where larger key sizes are not yet needed....


Chris.




John at enigmail

May 22, 2012, 10:54 AM

Post #17 of 45 (1074 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

tim.kachao [at] gmail wrote:
> I think it should be okay to dredge up this topic ever couple years. From
> what I am reading, links below, I do not feel comfortable with the key
> length and algorithmic security offered by GPG's defaults.

[I think I write this same email on one list or another at least once per year]

That is your right. Come back with the math if you wish to convince many of us
of your position.

> I have not been able to figure out how to get keylengths greater than 3072
> for DSA/elgmal or >4094 rsa, so I conclude that generating them is
> unsupported by GPG although GPG can use them. I have seen many people
> saying that these types of key lengths are way more than anyone could
> reasonably need, but I am skeptical.

You do what has been done in the past, you hack the source. BTW, the NSA whose
second primary mission is securing the communication of the US Gov't says
2048-3072 is as far as that technology goes. At that length the switch should
be made to ECC. NIST, who sets the standards for the rest of the Gov't and much
of business, agrees.
>
>
> I'm 23 now and I take various modest precautions to ensure that I have the
> best chance I can to remain in good health when I am 43. Or 63. A couple
> hundred extra milliseconds of decryption/encryption time per message for
> a key longer than 3072 or 4092 sounds like a good choice frankly. Is
> that not what we are looking at?

Pssst, they're not going to try to break your encryption, they have easier
methods of stalking and watching you.

> And yes I recognize that it would be a lot easier for them to plant spyware
> on my computers than break the keys, however they can't plant spyware on
> everone's computer. without people noticing They do slurp up and
> probably store indefinitely all text -and many other- communications on
> the internet (carnivore etc.). In the future, data they don't have they
> can't use. There is always a substantial probability that they will not
> get my keys with spyware, and I would like capitalize (If you'll pardon
> me) on that.
>
> Fourthly a little safety margin never hurt.

Except when there are easier ways to achieve equal or better security.
>
> I think it should be easier to pick longer keys. Also info should be
> included in the compendium regarding practical aspects of key choice,
> like a table that shows how long it takes to encrypt a symmetric key with
> 2048, 4092 etc. Or event just a table in which you select your
> adversary, then your time horizon, and it tells you what key lengths are
> suitable, with due warnings and notes regarding the possibility of
> quantum computers, mathematical advances etc.

4092 bit keys will never come into vogue except among a small group of people
who think they are "better".

> I understand that no matter how long the keys are it's still only a
> relatively small part of the equation. However I thought it was the norm
> to pick something that basically eliminated concern about the encryption
> being broken, so one could forget about that part and focus on the
> rest.of your security worries.
>
> My trust in GPG has been disturbed by this state of affairs. I thought I
> could just trust the defaults but I am finding that they may not really
> include the safety margin that people desire. I shudder to think of
> people who are doing more serious stuff in the class war than little ol'
> me (which isn't hard).

The defaults in GnuPG are quite safe. Your understanding of them needs a bit
of work.

> Links:
> http://en.wikipedia.org/wiki/RSA_%28algorithm%29
> -http://www.schneier.com/essay-368.html < note that this was written in 1998
> http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes
> it clear that it is not unreasonable for someone in my position to choose
> a 4096 bit key.

Specific predictions about Cryptography far in the future should be taken with
a LARGE grain of salt. Most of the RSA 8192 ideas come from Schneier's Applied
Cryptography. Bruce Schneier has done a lot of great work, but relying on
14-year-old advice for RSA key sizes ignores current work and best practice
thought in cryptography. Over the summer (2010), readers of the [Cryptography]
mailing list were reminded that in 1993 folks thought that 1024-bit RSA
'should be ok (safe from key-factoring attacks) for "a few decades".' 1.75
decades later it's essentially history.


> http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government
> requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit
> RSA or elGamal key is about equivalent to 128 bit symmetric key, right?
> And a 256 bit key length equivalent public key is abut 15,387 bits.. I
> think if people want to use the same level of encryption for their data
> that the government uses shouldn't that be supported at least in command
> line mode?
> http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies
> in computation and cost of public key vs. symmetric.

Past RSA key sizes of 2048-3072, the migration is to Elliptic Curve
Crypto (ECC). Huge RSA keys do not scale for most Internet usages (PKI/TLS/SSL).

NO ONE is recommending 4096 RSA or DSA, not because it's unsafe but it's
computationally unwieldy, especially on small devices. At asymmetric key sizes
of 3072 bits, the smart money is moving to Elliptic Curve Cryptography (ECC).

How does ECC compare to RSA _today_?

From the National Institutes of Science and Technology (one of the gold
standards for engineering know-how):

RSA     ECC   Sym
 1024   160    80
 2048   224   112
 3072   256   128
 7680   384   192
15360   512   256

(One may add a 'Hash' column by doubling the values in the Symmetric
Encryption column.) These recommendations can be found on page 63 of NIST
Special Publication 800-57, Recommendations for Key Management, Part I. 2nd
Revision, 8 Mar, 2007.
[http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf]
All three parts of SP800-57 are available at
http://csrc.nist.gov/publications/PubsSPs.html

The NSA's 2010 Suite-B
[http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml]
recommendations are:
Type         Symmetric   Elliptic Curve   Hash
Secret       128         256              256
Top Secret   256         384              384

A key aspect of Suite B is its use of elliptic curve technology instead of
classical public key technology. During the transition to the use of elliptic
curve cryptography in ECDH and ECDSA, DH, DSA and RSA can be used with a
2048-bit modulus to protect classified information up to the _secret_ level
[http://www.keylength.com/en/6/].

So, depending on the source, a consensus seems to be forming that beyond a
2048 or 3072 bit modulus for DSA2 or RSA, folks need to switch to ECC.

2048-RSA is the current default in GnuPG. OpenPGP cards will support up to
3072-bit RSA; GnuPG up to 4096-bit RSA and 3072-bit DSA2. ECC in OpenPGP is on
its way toward becoming a RFC and being included in OpenPGP. Larger and larger
RSA keys aren't the solution, ECC is. The balance of power has tipped away
from RSA and toward ECC.

The Internet Draft for ECC in OpenPGP
[https://tools.ietf.org/html/draft-jivsov-openpgp-ecc-11] is in the Final
Comment period with comments due by 2012-04-09. I imagine it will be voted on
soon, and approved. ECC is already mostly in place in GnuPG 2.0.

Feel free to ignore everything I've told you. There's no reason you should
trust me. But by all means, keep asking questions and read the /authoritative/
articles and documents.

--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


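Added example (not part of any post in this thread): the RSA / ECC / Sym table quoted in post #17 can be approximated from attack cost estimates, which shows why RSA strength grows so slowly with modulus size. The function names are hypothetical, and the GNFS heuristic with its 4.69 calibration offset (chosen so that 1024 bits maps to about 80 bits) is an assumption of this example, not something stated in the post.

```python
"""Approximate the RSA / ECC / symmetric equivalence table from attack costs."""
import math

# Rows of the table quoted in the post: (RSA modulus bits, ECC bits, symmetric bits).
NIST_TABLE = [
    (1024, 160, 80),
    (2048, 224, 112),
    (3072, 256, 128),
    (7680, 384, 192),
    (15360, 512, 256),
]

# Leading constant of the General Number Field Sieve running-time heuristic.
GNFS_C = (64 / 9) ** (1 / 3)  # about 1.923
# Assumption: calibration offset so that a 1024-bit modulus rates ~80 bits.
CALIBRATION = 4.69


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus.

    Uses exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) as the factoring cost and
    converts the natural-log work factor to bits.
    """
    ln_n = modulus_bits * math.log(2)
    work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return (work - CALIBRATION) / math.log(2)


def ecc_strength_bits(curve_bits: int) -> float:
    """Generic discrete-log attacks on a curve cost about 2^(bits/2)."""
    return curve_bits / 2


def rsa_bits_for_strength(target_bits: float) -> int:
    """Smallest modulus size whose estimated strength reaches the target."""
    lo, hi = 512, 1 << 20
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def marginal_gain(from_bits: int, to_bits: int) -> float:
    """Extra bits of estimated strength bought by growing the modulus."""
    return rsa_strength_bits(to_bits) - rsa_strength_bits(from_bits)


def compare_with_table():
    """Return (rsa, estimated strength, ecc, ecc strength, table value) rows."""
    return [
        (rsa, round(rsa_strength_bits(rsa), 1), ecc, ecc_strength_bits(ecc), sym)
        for rsa, ecc, sym in NIST_TABLE
    ]


if __name__ == "__main__":
    print(f"{'RSA':>6} {'est.':>7} {'ECC':>5} {'ECC/2':>6} {'table':>6}")
    for rsa, est, ecc, ecc_est, sym in compare_with_table():
        print(f"{rsa:>6} {est:>7} {ecc:>5} {ecc_est:>6.0f} {sym:>6}")
    # Doubling the modulus from 2048 to 4096 buys far fewer than 2048 bits.
    print(f"2048 -> 4096 adds about {marginal_gain(2048, 4096):.0f} bits")
    print(f"256-bit strength needs about {rsa_bits_for_strength(256)} bits")
```

The estimates land within a few bits of the table's rounded levels, while the ECC column is exactly twice the symmetric column.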

david at gbenet

May 22, 2012, 11:00 AM

Post #18 of 45 (1065 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/05/12 18:23, Hubert Kario wrote:
> On Tuesday 22 of May 2012 13:34:20 david [at] gbenet wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 22/05/12 09:58, tim.kachao [at] gmail wrote:
>>> I think it should be okay to dredge up this topic ever couple years. From what I am
>>> reading, links below, I do not feel comfortable with the key length and
>>> algorithmic security offered by GPG's defaults.
>>>
>>> I have not been able to figure out how to get keylengths greater than 3072 for
>>> DSA/elgmal or >4094 rsa, so I conclude that generating them is unsupported by GPG
>>> although GPG can use them. I have seen many people saying that these types of key
>>> lengths are way more than anyone could reasonably need, but I am skeptical.
>>>
>>> I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it
>>> were known it is but that's another story) and frankly we aren't just up against
>>> one intelligence agency, but all intel agencies put together. An entire global
>>> class of people. You can argue that they may be uninterested in me, however I
>>> don't buy that argument at all because they have spent (possibly a lot) more than a
>>> thousand dollars at least on me personally at this point I am sure in policing
>>> costs to try to survielle and intimidate me, after you divide down.
>>>
>>> The eviction alone at my occupy cost (probably greatly) in excess of
>>>
>>> $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours. There are
>>> also estimates made that in the US 1 in 6 "protestors" is actually a government
>>> agent of one sort or another, dept of defense, homeland security, fbi what have
>>> you. And that exludes any thugs the bankers put in the crowd as privately hired
>>> types.
>>>
>>> Secondly I want my communications to remain unread into the relatively distant
>>> future. Given the sort of crap the 1% do wrt murdering and maiming vast quantites
>>> of people for a couple extra bucks I would not be the least bit surprised if 20
>>> years from now they "dissapeared" me because I passed our some pamphlets that said
>>> "end class war now".
>>>
>>> An enemy is an enemy, and enemies must be smooshed, right? Why take risks> like
>>> letting an innocent person live if they might concievable scratch your gravy train
>>> at some point in the future? Abductions and bullets aren't that expensive once you
>>> got everything all set up, it's a good investement.
>>>
>>>
>>> I'm 23 now and I take various modest precautions to ensure that I have the best
>>> chance I can to remain in good health when I am 43. Or 63. A couple hundred extra
>>> milliseconds of decryption/encryption time per message for a key longer than 3072
>>> or 4092 sounds like a good choice frankly. Is that not what we are looking at?
>>>
>>> And yes I recognize that it would be a lot easier for them to plant spyware on my
>>> computers than break the keys, however they can't plant spyware on everone's
>>> computer. without people noticing They do slurp up and probably store indefinitely
>>> all text -and many other- communications on the internet (carnivore etc.). In the
>>> future, data they don't have they can't use. There is always a substantial
>>> probability that they will not get my keys with spyware, and I would like
>>> capitalize (If you'll pardon me) on that.
>>>
>>> Fourthly a little safety margin never hurt.
>>>
>>> I think it should be easier to pick longer keys. Also info should be included in
>>> the compendium regarding practical aspects of key choice, like a table that shows
>>> how long it takes to encrypt a symmetric key with 2048, 4092 etc. Or event just a
>>> table in which you select your adversary, then your time horizon, and it tells you
>>> what key lengths are suitable, with due warnings and notes regarding the
>>> possibility of quantum computers, mathematical advances etc.
>>>
>>> I understand that no matter how long the keys are it's still only a relatively
>>> small part of the equation. However I thought it was the norm to pick something
>>> that basically eliminated concern about the encryption being broken, so one could
>>> forget about that part and focus on the rest.of your security worries.
>>>
>>> My trust in GPG has been disturbed by this state of affairs. I thought I could
>>> just trust the defaults but I am finding that they may not really include the
>>> safety margin that people desire. I shudder to think of people who are doing more
>>> serious stuff in the class war than little ol' me (which isn't hard).
>>>
>>> Links: http://en.wikipedia.org/wiki/RSA_%28algorithm%29
>>> -http://www.schneier.com/essay-368.html < note that this was written in 1998
>>> http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes it clear
>>> that it is not unreasonable for someone in my position to choose a 4096 bit key.
>>>
>>>
>>> http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires
>>> 192 or 256-bit AES keys for highly sensitive data. A 3072 bit RSA or elGamal key is
>>> about equivalent to 128 bit symmetric key, right? And a 256 bit key length
>>> equivalent public key is abut 15,387 bits.. I think if people want to use the same
>>> level of encryption for their data that the government uses shouldn't that be
>>> supported at least in command line mode?
>>> http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies in
>>> computation and cost of public key vs. symmetric.
>>>
>>> _______________________________________________ Gnupg-users mailing list
>>> Gnupg-users [at] gnupg http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>> Some say that all the power of the universe - and all the time its been in existence
>> will not crack a 2048 bit key with a secure passphrase. So by the time the universe
>> is well and truly over and some poor sod of a government agent is alive and well he
>> will not have cracked yer e-mails or indeed any encrypted data. Can you imagine that
>> power from a computer? No. The mind boggles at the energy it would consume - a
>> million million million ad infinitum suns.
>>
>> But they "key" to all this is them holding your private key - it would be quicker and
>> a lot simpler to crush your balls with a pair of pliers - you will give up your most
>> treasured possession - your passphrase. This is the meaning of brute force attacks on
>> your key.
>>
>> The strength of your passphrase is critical alpha numerics take the whole universe to
>> crack where as a phrase like:
>>
>> "marymary&%/*had*)/+a:+=little$"KL$Donkey#*hadxxxabad%$*JHGbadIUNG6**leg^
>> )andalways@#][a\|little-0UHKTwalkedUKL:@?^wonkey
>>
>>
>> is a good key it will last you forever - if you can stand having your balls crushed.
>> So the best form of security would be to invest in a sturdy steel codpiece and a long
>> passphrase.
>>
>> David
>
> "everything that could be invented has been invented"
>
> "640k ought to be enough for anybody"
>
> Do we really have to repeat the history?
>
> Regards,

Ah I missed out the foil hat - the invisibility cloak and the light absorbing paint - oh
well - I noticed that no one was in any kind of paranoid rush to send encrypted e-mails :)

David


- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----



peter at digitalbrains

May 22, 2012, 11:03 AM

Post #19 of 45 (1062 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On 22/05/12 19:10, Robert J. Hansen wrote:
> Your claim may lead people to writing off your movement on the grounds
> that one of two things are true. Either:
>
> - "They're a bunch of crazies who think that even the park
> rangers are after them,"
> - Or, "holy Toledo, even the park rangers are after them!"
>
> It seems unlikely to me that either one will engender much support. If
> people think the former, then the movement is crazy and can be written
> off. If people think the latter, then it's incredibly dangerous to
> stand too close to you and no one will show up to your protests.

This presupposes that "people" will equate the whole movement with this single
individual. This is definitely not unlikely, though :-) [1]

Peter.

[1] After all, *all* people generalise! ;)

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



peter at digitalbrains

May 22, 2012, 11:09 AM

Post #20 of 45 (1064 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On 22/05/12 20:00, david [at] gbenet wrote:
> On 22/05/12 18:23, Hubert Kario wrote: [...snip...]

David and Hubert, could you please trim the quotes in your replies? I'm typing
this with one hand because my scroll finger is cramping... ;) j/k

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



david at gbenet

May 22, 2012, 11:14 AM

Post #21 of 45 (1064 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/05/12 19:09, Peter Lebbing wrote:

<chain sawed >


Oh all right :) Ha! Ha!

David - no offence meant btw :) just so funny :)

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----



mailinglisten at hauke-laging

May 22, 2012, 11:26 AM

Post #22 of 45 (1064 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

Given the frequency of this discussion and the amount of effort taken by the
participants: Wouldn't it make sense to make this a FAQ entry?


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Attachments: signature.asc (0.54 KB)


rjh at sixdemonbag

May 22, 2012, 11:40 AM

Post #23 of 45 (1068 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On 5/22/12 2:26 PM, Hauke Laging wrote:
> Given the frequency of this discussion and the amount of effort taken by the
> participants: Wouldn't it make sense to make this a FAQ entry?

I think so, yes. The question is who's going to write it? I suspect
Werner doesn't have the time. If he wants, I would be happy to take a
stab at writing it.




Lists.gnupg at mephisto

May 22, 2012, 11:46 AM

Post #24 of 45 (1059 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

On Tue, May 22, 2012 at 08:26:14PM +0200 Also sprach Hauke Laging:
> Given the frequency of this discussion and the amount of effort taken by the
> participants: Wouldn't it make sense to make this a FAQ entry?

Honestly now, do you think having a FAQ entry stops this topic
resurrecting every few months? Either someone will take issue with
what is said in the FAQ, or they (most likely) do not read it at all.



John at enigmail

May 22, 2012, 11:48 AM

Post #25 of 45 (1065 views)
Permalink
Re: Some people say longer keys are silly. I think they should be supported by gpg. [In reply to]

tim.kachao [at] gmail wrote:
> I think it should be okay to dredge up this topic ever couple years. From
> what I am reading, links below, I do not feel comfortable with the key
> length and algorithmic security offered by GPG's defaults.
>
> I have not been able to figure out how to get keylengths greater than 3072
> for DSA/elgmal or >4094 rsa, so I conclude that generating them is
> unsupported by GPG although GPG can use them. I have seen many people
> saying that these types of key lengths are way more than anyone could
> reasonably need, but I am skeptical.
>
> I am involved in a local Occupy (bet you thought occupy was kaput eh? well
> as it were known it is but that's another story) and frankly we aren't
> just up against one intelligence agency, but all intel agencies put
> together. An entire global class of people. You can argue that they may
> be uninterested in me, however I don't buy that argument at all because
> they have spent (possibly a lot) more than a thousand dollars at least on
> me personally at this point I am sure in policing costs to try to
> surveil and intimidate me, after you divide down.
>
I was wondering... Does your group communicate with one another using cell
phones? I ask not because of the irony of protesting globalization on cell
phones, but because of the cell phone industry's woefully poor record on
encryption technology.

What about WiFi? Do the public Access Points you all use use encryption? Is it
stronger than WEP? What about someone plugging in a Snooper in the wiring
closet of that StarBucks or McDonald's?

_IF_ THEY are /really/ watching you, they've used cameras to watch you type in
your passphrase, and windows and Gmail passwords. They may have used a
weakness in CIFS to copy your keyrings.

All this and you're worried about overkill on the one place they WON'T attack?
No one attacks the crypto. There are too many easier routes. If you're
/really/ worried about privacy and security, get your priorities straightened
out. bin Laden didn't use cell phones, not because he was a techno-Luddite,
but because he understood the risks of using them. You need to get a handle on
all the risks of all the technology you use.

-John

PS: Leave the tinfoil hat at home, it draws undue attention to you.

--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

