On Sunday 08 September 2013 10:29:18 Ole Tange wrote: > On Sun, Sep 8, 2013 at 12:06 AM, Ingo Klöcker <kloec...@kde.org> wrote: > > On Saturday 07 September 2013 23:35:08 Ole Tange wrote: > >> On Sat, Aug 31, 2013 at 11:46 AM, Ole Tange <ta...@gnu.org> wrote: > >> > >> http://oletange.blogspot.dk/2013/09/life-long-key-size.html > > > > but I'm pretty sure it's relevant for the > > battery life of your and your communication partners' smart phones. > > In particular, if you and your communication partners use equally > > large keys and encrypt each and every email, SMS, chat message, > > etc. > Assuming a new smartphone runs at 1 GHz with GnuPG 2.0 then > decryption+verify or sign+encryption will be in the order of 10 > seconds if both sender and receiver use 10kbit keys. So we are talking > about 10 seconds per RSA encrypted message. Potentially lower if the > phone is multicore and GnuPG's RSA implementation supports > parallelized RSA operations. > > If RSA is only used to negotiate the initial session key, then I would > reckon the 10 seconds is hardly noticeable from a battery > perspective. My old Nokia N900 with wifi on will let you > sign+encryption 657 messages with 10kbit keys on a full battery using > GnuPG 1.4.6. With GnuPG 2.0 that would be in the order of 1000 > messages per charge. > > So where your concern really matters would be for high volume messages > (100 per day or more) that are all RSA encrypted and are used on > battery operated slow devices. Apart from email, can you mention any > app that works like that today?
Some chat software (on PCs) uses GnuPG for encryption, but I'm not sure whether they use RSA only for the initial key exchange or for every chat message. Not having a smart phone I have no idea whether there are similar apps for smart phones. Having said this, in view of Snowden's disclosures, there's definitely a need for such apps. > If I am to include the battery perspective and speculations on what > apps that _could_ be made, I should probably also include what would > happen if smartphones get a cryptochip included (which would bring RSA > operations into the millisecond range - thus rendering the battery > concern moot). Using a cryptochip might not only render the battery concern moot, but this whole discussion about life long keys because even a 1mbit RSA key is useless if the session keys created by the cryptochip are easily guessable by the NSA. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
