On 5/5/12 8:57 AM, Milo wrote:
> "Derivatives of Shor's algorithm are widely conjectured to be effective
> against all mainstream public-key algorithms including RSA,
> Diffie-Hellman and elliptic curve cryptography". I'm not considering all
> of them. I used a more general expression.

In that case, everything you're advocating is confusing me. Yes, if and when QC comes along, many existing systems will need to be considered suspect. However, if you're concerned about QC you will get far more mileage from switching to a QC-resistant asymmetric algorithm than from adding a few bits to your RSA key. Why all this focus on longer RSA keys as a response to QC? It makes no sense at all.

> But I don't think that the biggest proponents of longer asymmetric keys are
> such kind of guys. Your approach advised to this hypothetical person is
> more like a tao of using encryption than a set of objective rules.

That's because there are very few objective rules. Computer security is dominated by the human element, and human beings do not tend to strictly follow objective rules. When it comes to crypto, yes, we can say certain things with great mathematical certainty. The instant that crypto gets fielded, though, the math becomes the least important part of the equation. The human element becomes overwhelmingly dominant.

> But lacking a bigger margin of security because of limited key space.

NIST has certified 3DES until 2030: it is quite likely that in 2030 3DES will be certified for another couple of decades.

> Check 3des history for details (
> https://en.wikipedia.org/wiki/3des#Keying_options ).

I did, and I don't see anything in there that is an ugly hack or backwards-incompatible. Choose your keying option (three-key being preferred), stick with it and you're done.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
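The point made above about longer RSA keys buying little against a quantum attacker can be put in numbers. The following is an added example, not code from this thread or from GnuPG; it assumes two simplified attacker cost models, the GNFS heuristic L_n[1/3, (64/9)^(1/3)] for a classical factoring attack and a cubic-in-bit-length cost for Shor's algorithm, both with constant factors and error-correction overhead ignored.

```python
import math

# Added example (not from the thread). Both cost models below are
# simplifications, stated as assumptions:
#  - classical: GNFS heuristic L_n[1/3, (64/9)^(1/3)], constants ignored
#  - quantum:   Shor's period finding with schoolbook modular arithmetic,
#               cost ~ bits^3, constants and error correction ignored


def gnfs_log2_work(bits: int) -> float:
    """Approximate log2 of the GNFS effort to factor a `bits`-bit modulus."""
    ln_n = bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)


def shor_log2_work(bits: int) -> float:
    """log2 of a cubic cost model for Shor's algorithm on a `bits`-bit modulus."""
    return 3 * math.log2(bits)


def work_gain(model, from_bits: int, to_bits: int) -> float:
    """Extra attacker work (in bits, i.e. log2 of the ratio) gained by enlarging the key."""
    return model(to_bits) - model(from_bits)


def compare(from_bits: int = 2048, to_bits: int = 4096) -> dict:
    """Gain from growing an RSA key, under each attacker model."""
    return {
        "classical_gain_bits": work_gain(gnfs_log2_work, from_bits, to_bits),
        "quantum_gain_bits": work_gain(shor_log2_work, from_bits, to_bits),
    }


if __name__ == "__main__":
    # Doubling the modulus adds roughly 40 bits of classical work but only
    # 3 bits (a factor of 8) of work under the cubic Shor model.
    for f, t in [(1024, 2048), (2048, 3072), (2048, 4096)]:
        g = compare(f, t)
        print(f"RSA-{f} -> RSA-{t}: classical +{g['classical_gain_bits']:.1f} bits, "
              f"quantum +{g['quantum_gain_bits']:.1f} bits")
```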