On 05/05/12 12:49, Milo wrote:
> 1) You are responding to citation regarding symmetric crypto with
> widely used key length.

Well it's not my fault someone else went off-topic is it? If you are here to persuade the GnuPG authors to include AES256 you're too late. I think you can perfectly discern what message I was intending to get across.

> 2) Proponents of approach you are commenting on gave some arguments
> here already. If not sure check thread and other sources.

I am very well aware of that. They don't convince, because they don't tackle the problem of the weakest link.

>>> One more time - this is not up to you or software authors to
>>> decide what's the value behind encrypted data. Even if reason of
>>> encrypting it is silly.
>>
>> I don't think it's up to you to decide that the GnuPG authors need
>> to officially support something they find silly.
>
> This is open discussion about free software's value and (expected by
> some) functionality. Discussion and judging on value of private data
> is something totally different you know.

Please read these three quotes again carefully. You are saying you yourself are off-topic; discussing something totally different. I agree.

> I'm not forgetting about this. But you are forgetting you are using
> symmetric crypto with 256-bit key length (e.g. HTTPS) and you don't
> have any problem with this "security overkill" (but yes - symmetric
> ciphers are computationally to use cheaper).

GnuPG should include 8k RSA because I didn't go through the trouble of disabling AES256 in my browser, risking breakage when an oddball webserver administrator disables all algorithms but AES256? You also indicate yourself where this goes askew: RSA 8k is immensely more CPU intensive than AES256 v AES128.

>> It's an interesting take on things, that the GnuPG authors somehow
>> think your data must be invaluable, because they don't offer 8k
>> RSA.
>
> This is your flawed conclusion.

I was replying to:

>> One more time - this is not up to you or software authors to decide
>> what's the value behind encrypted data.

I read that as: GnuPG authors decide your data is not valuable enough for RSA 8k. I'm unsure how else to read it, but it certainly isn't /my/ conclusion, it's what I read as /your/ conclusion. Please don't make it my conclusion, I would have to severely disagree with myself, and I hate it when that happens.

A large error I made: I wrote invaluable when I meant not valuable at all. Is this the source of the confusion?

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt