On Fri, 4 May 2012 00:27, h...@qbs.com.pl said:

> decision, and that's agreed by basically anybody (NIST, ECRYPT II). Especially
> when the cost of establishing the link with 8k RSA is insignificant for any
> session over 5min in length (as is common in SSH).

Sorry, but that is plain nonsense. Maybe not with your desktop box, but my N900 takes quite some time to compute with 4k RSA keys.

> Besides that, Schneier and Ferguson[2] say that basically any RSA based crypto
> system should support 8k keys. Switching to ECC is not easy, you need to

I can't locate my copy right now. Anyway, such suggestions depend largely on the context. It might be true in theory for US or French govt security but not for any practical purposes.

Brian Snow of the NSA once told during lunch that they don't care to break the crypto - "we cheat". What he meant is that it is way easier and cheaper to exploit software bugs or RNG peculiarities than to build for example Twinkle devices. If the NSA is worth its money, you should assume that they have a bunch of zero day exploits available for all kinds of software - including GnuPG.

In particular SSH, which by its nature can't be used on a dedicated offline box, the use of even a 4k key is ridiculous. Such use reminds me more of security policies which demand the use of passphrases but allow that the passphrase be stored on the same box in a file.

Current practice is the use of 2k RSA keys and you simply do that just because everyone is happy if you follow this rule. Using a lower key size might be justifiable but it is not worth spending the time to explain the reason why it is okay to use only, say, 1536 bit.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users