1996-07-10 - Re: A case for 2560 bit keys

Header Data

From: “Deranged Mutant” <WlkngOwl@unix.asb.com>
To: “David F. Ogren” <ogren@cris.com>
Message Hash: 8914c66859a4dc800cd204d8c4b1318381aca02258d8b0ab465a0c649af12c71
Message ID: <199607092154.RAA24946@unix.asb.com>
Reply To: N/A
UTC Datetime: 1996-07-10 07:47:32 UTC
Raw Date: Wed, 10 Jul 1996 15:47:32 +0800

Raw message

From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 15:47:32 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: A case for 2560 bit keys
Message-ID: <199607092154.RAA24946@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jul 96 at 23:09, David F. Ogren wrote:
[..]
> Despite the above, there are convincing arguments for longer RSA keys.  
> Instead of asking "Why should we have longer keys?", perhaps we should be 
> asking "Why _shouldn't_ we have longer keys?"
 
> In a hybrid cryptosystem such as PGP, very little of the computational 
> process is consumed by RSA encryption.  Only a tiny fraction of the message 
> is RSA encrypted (the session key), and thus the time-critical operation is 
> the symmetric crypto system (IDEA for PGP).
> 
> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.  
> Encrypt a file (preferably of a reasonable size) using both keys.  
> Depending on the computer you are using, the time difference between the 
> two keys will be a matter of few seconds or even a fraction of a second.

Depends on the computers one uses, and who you are computing with. 
I've heard some horror stories of people using PGP modified to handle 
4kbit or 8kbit keys on 286s that waited <i>days</i> to generate keys 
and hours to sign or decrypt messages.

If you're exchanging messages with people using fast computers, 
lerger key sizes are practical.  Otherwise you need to take the issue 
of key-size/speed tradoff seriously.

> It seems foolish that we use RSA keys that are less secure than our IDEA 
> session keys.  Our RSA keys are much more valuable than our session keys.  
[..]

If very improved factoring methods are discovered, it might not 
matter.  If a new method of cryptanalysis against IDEA comes out, 
that might make RSA key-sizes a non-issue.

AFAIK, PGPlib will support multiple public key and private key 
algorithms.

Rob

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.





Thread