On 05/04/2012 06:07 AM, Hubert Kario wrote:
> It still doesn't change the overall picture:
> 1. migrating to ECC is hard and complicated
> 2. using 8k RSA is easy

Nor does it change
3. using 8K RSA gives a modest increase to an already formidable margin of security

Breaking a 128-bit keyspace is hard. Like, really, really hard. The power analysis on that one is eye-popping: to break a 128-bit keyspace in anything approaching a reasonable length of time requires an energy output on the level of a hypernova. If you want to break a 128-bit keyspace, please do it in a galaxy far, far away.

So why do we need to increase a 128-bit keyspace (RSA-3K) to a 192-bit-plus-a-small-amount keyspace (RSA-8K)?

The obvious response is "to defend against enhanced attacks against RSA, such as quantum computing and Shor's Algorithm." But that's just crazy. Shor's Algorithm requires 2N qubits to break an N-bit key. Right now we've got quantum computers that have, what, eight qubits? Any RSA modulus smaller than sixteen is in trouble now, let me tell you.

An effective quantum computer with the 6144 qubits required to break a 3072-bit RSA key is straight out of science fiction. This quantum computer would be more powerful than any conventional computer could ever be: a conventional computer would require 10**1850 bytes of storage -- and no, that is not a typo -- to compete against it. That should give you a sense of the outrageous scale involved. There is no other way to describe this than science fiction.

If you want to defend against science fiction, well, go right ahead. But I think you should also defend against other sorts of fiction, and I look forward to hearing how your security model will incorporate G.I. Joe to fight off the hordes of blue-suited terrorists sent by Cobra Commander. And yes, I really do believe that worrying about the development of large-scale quantum computers is on the same level of seriousness as worrying about Cobra Commander.

> What has online/offline net connection anything to do with that?
> Storing acquired information for 20 years is nothing extraordinary as far as
> intelligence agencies and highly motivated individuals are concerned.

How many petabytes are sent across the wire each day? Do you really think people will be storing all of today's traffic for twenty years, just so some analyst not even born yet will someday be able to say, "wow, I really want to see what's in this random guy's porn stash!"?

If you have reason to believe you're a person of such interest to such professionals as would be likely to monitor and store your communications for twenty years, here's the only effective way to secure your communications: stop using any technology more sophisticated than a frying pan. bin Laden didn't keep his communications secure by using large RSA keys. He kept his communications secure by abandoning technology and using cut-outs to do his online transactions for him, and making them travel hundreds of kilometers away from Abbottabad before checking into an internet cafe to send his traffic.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
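The size-versus-strength figures argued over in this thread (RSA-3K as a 128-bit keyspace, RSA-8K as "192 bits plus a small amount", 2N qubits for Shor) can be reproduced with a rough calculator. This is an added example, not code from the thread or from GnuPG. It assumes the heuristic asymptotic running time of the General Number Field Sieve as the measure of factoring work, with no calibration constant (so it lands a few bits above the NIST tables, which put RSA-3072 at 128 bits and RSA-15360 at 256 bits), and it treats the post's 2N-qubit figure as an assumed rule of thumb rather than a resource estimate. The `strength_table` and `rsa_bits_for_strength` helpers and their default sizes are this example's own choices.

```python
"""Rough RSA key-size vs. symmetric-strength calculator.

Added example, not part of the original mailing-list thread.  Assumptions:
  * factoring work is modelled by the asymptotic GNFS cost
    L_n[1/3, (64/9)^(1/3)] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    with no constant-factor calibration, so results run a few bits higher
    than the NIST equivalence tables;
  * Shor's algorithm needs 2n logical qubits for an n-bit modulus, which is
    the post's rule of thumb, not a real resource estimate.
"""
import math


def gnfs_equivalent_bits(modulus_bits: int) -> float:
    """Approximate symmetric-equivalent strength of an n-bit RSA modulus.

    Converts the GNFS work factor to bits with log2.  For 3072 bits this
    gives roughly 139, for 8192 roughly 208.
    """
    ln_n = modulus_bits * math.log(2)          # natural log of the modulus
    c = (64 / 9) ** (1 / 3)                    # GNFS constant, about 1.923
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)


def shor_logical_qubits(modulus_bits: int) -> int:
    """Qubits needed to run Shor's algorithm, using the post's 2N rule of thumb."""
    return 2 * modulus_bits


def rsa_bits_for_strength(target_bits: int, step: int = 1024) -> int:
    """Smallest modulus size (a multiple of `step`) whose GNFS estimate
    reaches `target_bits` of symmetric-equivalent strength."""
    n = step
    while gnfs_equivalent_bits(n) < target_bits:
        n += step
    return n


def strength_table(sizes=(1024, 2048, 3072, 4096, 8192, 15360)):
    """Return (modulus_bits, rounded equivalent bits, Shor qubits) rows."""
    return [(n, round(gnfs_equivalent_bits(n)), shor_logical_qubits(n))
            for n in sizes]


if __name__ == "__main__":
    print(f"{'RSA bits':>9} {'~sym bits':>10} {'Shor qubits':>12}")
    for n, strength, qubits in strength_table():
        print(f"{n:>9} {strength:>10} {qubits:>12}")
    print("smallest 1024-step modulus for 128-bit strength:",
          rsa_bits_for_strength(128))
    print("smallest 1024-step modulus for 192-bit strength:",
          rsa_bits_for_strength(192))
```

The useful reading is the shape of the curve rather than any single number: the estimate grows sub-linearly in the modulus size, which is why going from 3072 to 8192 bits (nearly three times the modulus, and far slower RSA operations) buys only about 70 extra bits of estimated strength, while the qubit count for Shor scales linearly and is untouched by adding bits in any practical sense.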