1993-04-07 - Re: PGP: suggestions from the trench

Header Data

From: “Mr. Noise” <mrnoise@econs.umass.edu>
To: grady@netcom.com (1016/2EF221)
Message Hash: b81b66aa1aef9faa8f12bf66182e7f4e1dfc770d3550704a217200aaf6fa1735
Message ID: <9304072102.AA20984@titan.ucs.umass.edu>
Reply To: <9304032057.AA06227@netcom.netcom.com>
UTC Datetime: 1993-04-07 21:02:38 UTC
Raw Date: Wed, 7 Apr 93 14:02:38 PDT

Raw message

From: "Mr. Noise" <mrnoise@econs.umass.edu>
Date: Wed, 7 Apr 93 14:02:38 PDT
To: grady@netcom.com (1016/2EF221)
Subject: Re: PGP: suggestions from the trench
In-Reply-To: <9304032057.AA06227@netcom.netcom.com>
Message-ID: <9304072102.AA20984@titan.ucs.umass.edu>
MIME-Version: 1.0
Content-Type: text


> Taking all these factors into consideration, I would suggest that 
> the *minimum* size of the RSA modulus available for PGP is 1024 
> bits with a minimum ceiling of 2048 bits (or even more).  If for 
> performance reasons on certain platforms 1024 is deemed 
> impossibly slow, then a lesser number of bits ought to be 
> permitted *provided* that the security level for any key length 
> under, say, 768 bits is clearly labeled "TOY GRADE".

While I agree that keys of greater lengths out to be made available for
those fortunate enough to possess platforms powerful enough to use them,
your choice of words--'TOY GRADE'--is, perhaps, unfortunate.  Every user
of PGP has different reasons for needing/wanting encryption, & not all users
need the sort of protection that can withstand a determined attack mustered
by cryptographic experts.  Some users, frankly, just don't like people
snooping into their private mail, & therefore use PGP encryption as an
'envelope'.  Sure, the 'envelope' can be 'steamed open', but it's not likely
to be worth the trouble if you have no major secrets to conceal...





Thread