[kwlug-disc] Using 4096-bit RSA vs. 1024
unsolicited at swiz.ca
Sat Sep 11 14:31:21 EDT 2010
At what point does key size stop providing realistically useful
economies of scale, vis a vis overhead imposed?
So, for example, what is the cracking time difference between a 1024
bit and a 4096 bit key? Assume RSA - your point wrt DSA is taken.
What increase in overhead occurs as keys get larger? i.e. If 4096 only
imposes a small initial penalty (seconds) to determine a 1024 bit
decryption key (say), that's OK. But if the larger key means extra
seconds at every bit of data decode, that's not ok. [Perhaps I'm
mixing technologies here? e.g. https / vpn initial key exchange (?)/
verification vs. ongoing encryption (pgp) keys?]
(Mixing 'encryptions' here ...) For https, at what point will the
time to crack be so far beyond the timeliness of the data that it
doesn't matter. [I don't accept a premise that if they can eventually
crack it it's insufficient encryption.]
I guess, to summarize, what do you gain / lose as key sizes get larger
and larger? (Whether the gain is worth the loss is, I guess, a
personal decision. For me, there is a point of diminishing returns -
although I don't know where that point is, myself, at the moment.)
Denver Gingerich wrote, On 09/11/2010 1:34 PM:
> (changing subject for proper threading)
> On Fri, Sep 10, 2010 at 10:31 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
>> As part of this meeting we will hold a keysigning party, and if you
>> act quickly then you can participate! There is a summary of how to get
>> started here: http://kwlug.org/node/772 which I will reproduce below.
>> But you have to get Keymaster Chris your signature BEFORE the meeting
>> to play.
>> Whew. Here are some keysigning party instructions:
>> Chris Frey (cdfrey at the domain foursquare dot net) is the KeyMaster
>> for this party. As part of the process, you will e-mail him your key.
>> Here are his instructions for getting started, with some e-mail
>> address obfuscation:
>> 1. Generate new key:
>> gpg --gen-key
>> (Accept the defaults, they are pretty good)
> Unfortunately, they might not be. On most distros released before
> about May 2009 (and probably more), the default GnuPG settings will
> give you a 1024-bit DSA key, which is quite vulnerable to attacks due
> to its reliance on SHA-1:
> As recommended in the above article, users should select RSA and I
> would personally recommend using the maximum key size of 4096 bits.
> So please do NOT use the defaults and instead choose 4096-bit RSA.
> This will give us a much stronger web of trust.
> I'm personally of the opinion that a non-expiring key is ok, though
> the extra-paranoid will probably want a finite expiration time (though
> this makes it harder to remain in the web of trust over time).
>> gpg --fingerprint dc6371d5
>> pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
>> Key fingerprint = 7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63
>> uid Chris Frey (cube)
>> sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]
> I hate to break it to Chris, but his key is one of the potentially
> vulnerable. "pub 1024D" means 1024-bit DSA. I would especially
> recommend that Chris generate a new key before the meeting, being the
> keymaster and all.
> Here's an example of the kind of key you want:
> $ gpg --keyserver pgp.mit.edu --recv-keys 5F36A772
> $ gpg --list-keys 5F36A772
> pub 4096R/5F36A772 2009-06-16
> uid Denver Gingerich [...]
> sub 4096R/A0C337A9 2009-06-16
> (As you may have guessed, "pub 4096R" means I have a 4096-bit RSA key.)
> Whoever has access, please update the instructions at
> http://kwlug.org/node/772 and send them to kwlug-announce (I know not
> all people follow kwlug-disc).
> I don't like to causing extra work for people (updating
> sites/e-mails), but I would much rather see a little extra work done
> now than to have a whole bunch of vulnerable keys made.
> I hope the keysigning party goes well.
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
More information about the kwlug-disc_kwlug.org