On 22/05/12 18:23, Hubert Kario wrote:
> On Tuesday 22 of May 2012 13:34:20 da...@gbenet.com wrote:
>> On 22/05/12 09:58, tim.kac...@gmail.com wrote:
>>> I think it should be okay to dredge up this topic every couple years.
>>> From what I am reading, links below, I do not feel comfortable with the
>>> key length and algorithmic security offered by GPG's defaults.
>>>
>>> I have not been able to figure out how to get keylengths greater than
>>> 3072 for DSA/elgamal or >4094 rsa, so I conclude that generating them is
>>> unsupported by GPG although GPG can use them. I have seen many people
>>> saying that these types of key lengths are way more than anyone could
>>> reasonably need, but I am skeptical.
>>>
>>> I am involved in a local Occupy (bet you thought occupy was kaput eh?
>>> well as it were known it is but that's another story) and frankly we
>>> aren't just up against one intelligence agency, but all intel agencies
>>> put together. An entire global class of people. You can argue that they
>>> may be uninterested in me, however I don't buy that argument at all
>>> because they have spent (possibly a lot) more than a thousand dollars at
>>> least on me personally at this point I am sure in policing costs to try
>>> to surveil and intimidate me, after you divide down.
>>>
>>> The eviction alone at my occupy cost (probably greatly) in excess of
>>> $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours.
>>> There are also estimates made that in the US 1 in 6 "protestors" is
>>> actually a government agent of one sort or another, dept of defense,
>>> homeland security, fbi what have you. And that excludes any thugs the
>>> bankers put in the crowd as privately hired types.
>>>
>>> Secondly I want my communications to remain unread into the relatively
>>> distant future. Given the sort of crap the 1% do wrt murdering and
>>> maiming vast quantities of people for a couple extra bucks I would not
>>> be the least bit surprised if 20 years from now they "disappeared" me
>>> because I passed out some pamphlets that said "end class war now".
>>>
>>> An enemy is an enemy, and enemies must be smooshed, right? Why take
>>> risks like letting an innocent person live if they might conceivably
>>> scratch your gravy train at some point in the future? Abductions and
>>> bullets aren't that expensive once you got everything all set up, it's
>>> a good investment.
>>>
>>> I'm 23 now and I take various modest precautions to ensure that I have
>>> the best chance I can to remain in good health when I am 43. Or 63. A
>>> couple hundred extra milliseconds of decryption/encryption time per
>>> message for a key longer than 3072 or 4092 sounds like a good choice
>>> frankly. Is that not what we are looking at?
>>>
>>> And yes I recognize that it would be a lot easier for them to plant
>>> spyware on my computers than break the keys, however they can't plant
>>> spyware on everyone's computer without people noticing. They do slurp up
>>> and probably store indefinitely all text -and many other-
>>> communications on the internet (carnivore etc.). In the future, data
>>> they don't have they can't use. There is always a substantial
>>> probability that they will not get my keys with spyware, and I would
>>> like to capitalize (If you'll pardon me) on that.
>>>
>>> Fourthly a little safety margin never hurt.
>>>
>>> I think it should be easier to pick longer keys. Also info should be
>>> included in the compendium regarding practical aspects of key choice,
>>> like a table that shows how long it takes to encrypt a symmetric key
>>> with 2048, 4092 etc. Or even just a table in which you select your
>>> adversary, then your time horizon, and it tells you what key lengths
>>> are suitable, with due warnings and notes regarding the possibility of
>>> quantum computers, mathematical advances etc.
>>>
>>> I understand that no matter how long the keys are it's still only a
>>> relatively small part of the equation. However I thought it was the
>>> norm to pick something that basically eliminated concern about the
>>> encryption being broken, so one could forget about that part and focus
>>> on the rest of your security worries.
>>>
>>> My trust in GPG has been disturbed by this state of affairs. I thought
>>> I could just trust the defaults but I am finding that they may not
>>> really include the safety margin that people desire. I shudder to think
>>> of people who are doing more serious stuff in the class war than little
>>> ol' me (which isn't hard).
>>>
>>> Links:
>>> http://en.wikipedia.org/wiki/RSA_%28algorithm%29
>>> -http://www.schneier.com/essay-368.html < note that this was written in
>>> 1998
>>> http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular
>>> makes it clear that it is not unreasonable for someone in my position
>>> to choose a 4096 bit key.
>>>
>>> http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S.
>>> Government requires 192 or 256-bit AES keys for highly sensitive data.
>>> A 3072 bit RSA or elGamal key is about equivalent to 128 bit symmetric
>>> key, right? And a 256 bit key length equivalent public key is about
>>> 15,387 bits. I think if people want to use the same level of encryption
>>> for their data that the government uses shouldn't that be supported at
>>> least in command line mode?
>>> http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on
>>> equivalencies in computation and cost of public key vs. symmetric.
>>>
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users@gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>> Some say that all the power of the universe - and all the time it's been
>> in existence will not crack a 2048 bit key with a secure passphrase. So
>> by the time the universe is well and truly over and some poor sod of a
>> government agent is alive and well he will not have cracked yer e-mails
>> or indeed any encrypted data. Can you imagine that power from a
>> computer? No. The mind boggles at the energy it would consume - a
>> million million million ad infinitum suns.
>>
>> But the "key" to all this is them holding your private key - it would be
>> quicker and a lot simpler to crush your balls with a pair of pliers -
>> you will give up your most treasured possession - your passphrase. This
>> is the meaning of brute force attacks on your key.
>>
>> The strength of your passphrase is critical: alpha numerics take the
>> whole universe to crack, whereas a phrase like:
>>
>> "marymary&%/*had*)/+a:+=little$�"KL$Donkey#*hadxxxabad%$*JHGbadIUNG6**leg^
>> )andalways@#][a\|little-0UHKTwalkedUKL:@?^wonkey
>>
>> is a good key, it will last you forever - if you can stand having your
>> balls crushed. So the best form of security would be to invest in a
>> sturdy steel codpiece and a long passphrase.
>>
>> David
>
> "everything that could be invented has been invented"
>
> "640k ought to be enough for anybody"
>
> Do we really have to repeat the history?
>
> Regards,

Ah I missed out the foil hat - the invisibility cloak and the light
absorbing paint - oh well - I noticed that no one was in any kind of
paranoid rush to send encrypted e-mails :)

David

-- 
“See the sanity of the man! No gods, no angels, no demons, no body.
Nothing of the kind. Stern, sane, every brain-cell perfect and complete
even at the moment of death. No delusion.”
https://linuxcounter.net/user/512854.html - http://gbenet.com
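
The key-size equivalences asked about in the quoted message (RSA or ElGamal modulus size against a symmetric key length) can be estimated from the cost of the general number field sieve. The following is an added example, not part of the original thread: it uses the GNFS-based approximation given in NIST's FIPS 140-2 Implementation Guidance, the function names are illustrative, and the figures are estimates that ignore memory cost, quantum computers and future mathematical advances.

```python
import math

def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an L-bit RSA/DSA/ElGamal
    modulus, from the GNFS running-time approximation
    (1.923 * cbrt(ln n) * cbrt((ln ln n)^2) - 4.69) / ln 2."""
    if modulus_bits < 512:
        raise ValueError("approximation is not meaningful below 512 bits")
    ln_n = modulus_bits * math.log(2)            # ln(n) for an L-bit modulus
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)                    # convert from nats to bits

def modulus_for_strength(target_bits: float) -> int:
    """Smallest modulus size (multiple of 8 bits) whose estimated strength
    reaches target_bits, found by bisection (the estimate is monotonic)."""
    lo, hi = 512, 1 << 20
    if rsa_strength_bits(lo) >= target_bits:
        return lo
    if rsa_strength_bits(hi) < target_bits:
        raise ValueError("target strength out of range")
    # Invariant: strength(lo) < target <= strength(hi); both multiples of 8.
    while hi - lo > 8:
        mid = (lo + hi) // 2 // 8 * 8
        if rsa_strength_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid
    return hi

if __name__ == "__main__":
    print("modulus bits -> estimated symmetric-equivalent bits")
    for size in (1024, 2048, 3072, 4096, 7680, 15360):
        print(f"{size:>12} -> {rsa_strength_bits(size):6.1f}")
    print("symmetric bits -> estimated modulus bits needed")
    for target in (112, 128, 192, 256):
        print(f"{target:>14} -> {modulus_for_strength(target)}")
```

The growth is strongly sub-linear: doubling the modulus from 2048 to 4096 bits adds roughly 40 bits of estimated strength, which is why matching a 256-bit symmetric key takes a modulus well above ten thousand bits.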