1994-12-26 - Re: Moving from 1024-bit -> 2048-bit key.

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: grmorgan@freenet.vcu.edu
Message Hash: e1d6938557f365b5ab2f1ef66eb4363a00cf78ad7939a4dfc4908b026f5e4919
Message ID: <199412261959.OAA17978@bwh.harvard.edu>
Reply To: <9412261907.AA10983@freenet.vcu.edu>
UTC Datetime: 1994-12-26 20:14:24 UTC
Raw Date: Mon, 26 Dec 94 12:14:24 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Mon, 26 Dec 94 12:14:24 PST
To: grmorgan@freenet.vcu.edu
Subject: Re: Moving from 1024-bit -> 2048-bit key.
In-Reply-To: <9412261907.AA10983@freenet.vcu.edu>
Message-ID: <199412261959.OAA17978@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain

	Why revoke the old one?  If I want to send a message I don't
think needs 2048 RSA bits of security, why bother with it?  I have
little doubt the FBI would get your key from your computer at 1024
bits.  Thus, the effort needed to compromise a key does not change as
one moves from a 1024 to a 2048 bit key.

	Threat models are really helpful.  They become more helpful as
one acurately assesses ones enemies.  Ronald Kessler wrote a book
called The FBI.  Its fairly evenhanded examination of the post-Hoover
bureau.  He does gloss over DT & Waco; they occured as he was
finishing the book.  Reading it will give you good insight into the
way the FBI, and its agents, work.  (0-671-78657-1)


| >Once I've generated a 2048-bit key, how can I update my key on the 
| >keyservers?
| >
| First you need to generate a key revocation for your old key
| and post that to the servers.  Then just email your new key to
| the server.

"It is seldom that liberty of any kind is lost all at once."