Re: Linux crypto killer apllication

Thu, 15 May 2008 06:40:17 -0700 

Robert J. Hansen wrote:

Brian Smith wrote:
It is reasonable to choose to protect a secret for the rest of one's life (~100 years). 


You're committing two logical fallacies here: the first is you're begging 
the question, and the second is the assumption of facts not in evidence.



Exactly what question am I begging? I think it is reasonable to assume that 
people often have secrets that they want to take to their grave (at least). 
Everything I have read suggests that RSA 8192 will be broken within (some 
of) our lifetimes, so RSA 8192 or less is not enough. You basically said the 
same thing in your message.



This discussion is about tradeoffs, and whether what is to be gained by 
adopting very large keys would be worthwhile given the sacrifices which 
would have to be made.



Modern computers can handle RSA 16,384 without too much difficulty, so it 
isn't really impractical to use it. Even if it was impractical, there are 
other algorithms (ignored by gnupg) that are more efficient to use. I don't 
really see what sacrifices would have to be made, especially in terms of 
implementing gnupg.



By saying "it's reasonable to choose to use extremely long keys", you're 
skipping the entire debate and moving straight to the conclusion you want 
to reach, leaving the original question unanswered.  Namely: is it worth 
it?



I didn't say it was reasonable to choose extremely long keys, although it 
is. I said that if you want to keep a message encrypted for your entire 
lifetime, you need to use something stronger than RSA 8192....



Saying "it's reasonable to choose to protect personal secrets for 100 
years" is on faulty logical grounds because you _can't_ choose to protect 
secrets for 100 years.  You can't look that far into the future.



...because something stronger than RSA 8192 will probably take longer to 
break than RSA 2048. Maybe RSA 16K isn't enough. But, anything less is 
definitely not enough.



100 years from now the world will be unrecognizable to us.  Scientific, 
mathematical and technological advances we haven't even imagined yet will 
be old-hat.  The world of that future will be indistinguishable from 
magic -- and I am at a loss for how anyone can defend against magic.


At what point should we quit trying then? Now?


- Brian 



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users























					Reply via email to