1994-05-09 - Re: PGP 2.5

Header Data

From: Black Unicorn <unicorn@access.digex.net>
To: anon1df3@nyx10.cs.du.edu (Paul Grange)
Message Hash: e8e59a10ec0b760cf2dd4d2c9a46e9019235affa862fe05a7cf6ff40b5edb8af
Message ID: <199405092308.AA14455@access1.digex.net>
Reply To: <9405092209.AA21090@nyx10.cs.du.edu>
UTC Datetime: 1994-05-09 23:09:04 UTC
Raw Date: Mon, 9 May 94 16:09:04 PDT

Raw message

From: Black Unicorn <unicorn@access.digex.net>
Date: Mon, 9 May 94 16:09:04 PDT
To: anon1df3@nyx10.cs.du.edu (Paul Grange)
Subject: Re: PGP 2.5
In-Reply-To: <9405092209.AA21090@nyx10.cs.du.edu>
Message-ID: <199405092308.AA14455@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> |> Another RSAREF limitation is that it cannot cope with keys longer than
> |> 1024 bits.  PGP now prints a reasonably polite error message in such a
> |> case.
> 
> |Reasonably polite?  It says "Error: Bad pass phrase."  That doesn't
> |sound at all polite to me.  And since my key is 1234 bits, I'm vastly
> |unimpressed.  What in the world is the point of this restriction?
> 
> |I see a lot of "what it is" but not "why it is" in the docs.  Would one of
> 
> This restriction comes from RSAREF code, over which the PGP team had no 
> control.
> 
> Everyone is entitled to their own opinion, but to me the development of a 
> free, legal, source code version of PGP is such a positive development 
> that it easily outweighs any of the problems (key sigs, incompatibility 
> with big keys, etc.) that the new release has brought about.

I'm afraid I have to disagree.
 
I dislike the limiting of key length to 1024 bits and would encourage a 
fix to at least the 1200's range.
 
Unfortunately I don't know enough about RSAREF to know what this involves 
but it seems a step backwards to limit key length to this size especially 
with the recent advances in processing on the retail market (PowerPC, 
Pentium, etc.)  To me this makes 2.5 a real loser.
 
More and more 2.5 looks like a restriction on choice.

No keys over 1024 bits.
No use of servers for the older versions.



> When the 
> jump from version 1 to version 2 was made, everyone's key became 
> obsolete, and everyone survived.  Everyone will survive this time, too.

I don't use a 1200 bit key now, but I'd like the option.  Calling the 
limitation a mere backwards compatibility problem shortcuts the issue.  I 
wouldn't care less if I used a 1200 bit key or a 2048 bit key today and 
had to make a new one for the new version.  I would care if I used a 1200 
or 2048 bit key today and had to make a 1024 bit one.

I don't want to be paranoid, but why the restriction?  Who does it 
serve?   Definitely not the user.  What modifications are possible?  What 
are the restrictions on modification to code in the licensing agreement?


> 
> I'm also very pleased with some of the new features (like the default for 
> PGPPATH, which will make PGP a lot more accessible to casual users).
>

Fine, how about satisfactory for serious users?

-uni- (Dark)




