On 9/9/2013 4:27 AM, Doug Barton wrote:
> If what you meant was, "It's important for knowledgeable people to
> examine how long various key sizes can be expected to remain secure"
More like, "it is good that key lengths and their expected lifetimes be
subjected to rigorous study," with a soupcon o
On 9/9/2013 5:27 AM, Peter Lebbing wrote:
> [1] https://en.wikipedia.org/wiki/Bald_man_paradox
Heh. I always heard that as the "beard paradox." Same basic idea,
except the example given involves beards instead of full heads of hair. :)
At age thirty-eight, I'm beginning to develop a bit of gra
On 09/09/13 04:04, Robert J. Hansen wrote:
> Or you throw 125 machines at it instead of one. Or... etc. If something is
> unsafe at work level X, it won't be safe at work level 125X.
You've just proven that all RSA is unsafe! Repeated application (bald man
paradox[1]) of your indeed valid premis
On 09/09/2013 12:49 AM, Robert J. Hansen wrote:
> On 9/8/2013 6:25 PM, Doug Barton wrote:
>> he seems to have studiously ignored all of the facts that point to
>> why what he's trying to do is a bad idea.
> Nitpick: I think what he's trying to do (make credible, accurate
> long-term projections) is a good
On 9/8/2013 6:25 PM, Doug Barton wrote:
> he seems to have studiously ignored all of the facts that point to
> why what he's trying to do is a bad idea.
Nitpick: I think what he's trying to do (make credible, accurate
long-term projections) is a good idea. I just think he's going about it
in a wa
On 9/9/2013 3:03 AM, John Clizbe wrote:
> Several minutes to verify a signature makes such large key sizes non-starters.
> Folks using a baseline of a 1GHz cellphone seem to have no idea of the
> lifetimes involved in MIL-SPEC equipment. I'm sure there are some 1 MIPS VAX
> 11/780s still in militar
Robert J. Hansen wrote:
>
>> Based on the guess that 10kbit has the potential of not being broken
>> within a person's life span: What problems would you experience if
>> you chose to use a 10kbit key today instead of a 4kbit key (which
>> seems to be the common choice - but which we are fairly
On 09/08/2013 06:54 PM, Leo Gaspard wrote:
> Well... If factoring takes a month, with the factor of 125, it takes
> ten years. Seems not that irrelevant to me.
Or you wait three years and let technological progression reduce the
work factor for you. Or you throw 125 machines at it instead of one
On Sun, Sep 08, 2013 at 06:29:01PM -0400, Robert J. Hansen wrote:
> A factor of 125 is so small as to be irrelevant.
Well... If factoring takes a month, with the factor of 125, it takes ten years.
Seems not that irrelevant to me.
Of course, this is made using completely made up numbers, as I do n
On 9/8/2013 5:00 PM, Leo Gaspard wrote:
> BTW, the statement "[Dan Boneh] proved that breaking RSA is not
> equivalent to factoring" is wrong : he did not prove that breaking
> RSA is easier than factoring numbers ; only that a whole ways of
> proving that breaking RSA is as hard as factoring nu
On 09/08/2013 02:00 PM, Leo Gaspard wrote:
And this means that, as long as the drawbacks associated with the use of the key
are assumed by the key owner only (as the tables state, encrypt and verify
operations being almost unchanged in time), preconizing 10kbit RSA keys is no
issue, and can only
On Sun, Sep 08, 2013 at 03:15:24PM -0400, Avi wrote:
> As must I. Robert has one of the clearest modes of exposition from
> which I have ever been fortunate to benefit.
I have to agree on this point.
The issue is that I disagree with him on his stance : in my opinion, having a
schedule stating wh
On 09/08/2013 04:02 PM, Filip M. Nowak wrote:
[snip]
> "Breakthroughs in factoring have occurred regularly over the past
> several decades, allowing us to break ever-larger public keys. Much of
> the public-key cryptography we use today involves elliptic curves,
> something that is even more ripe f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
As must I. Robert has one of the clearest modes of exposition from
which I have ever been fortunate to benefit.
- --Avi
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.21 (MingW32)
Comment: Most recent key: Click show in box @ http://is.gd/4xJrs
Hi
On 09/08/2013 05:07 PM, Robert J. Hansen wrote:
> On 9/8/2013 4:32 AM, Ole Tange wrote:
>> The short answer: You do not have to trust projection to use the
>> other findings. If you have a better projection, use that instead.
>
> (...)
> We can't be sure 2048-bit keys will be broken by 2100.
On Sun 08.09.2013, 11:07:21, Robert J. Hansen wrote:
Once more I feel enlightened (and I am sure I am not the only one). From time
to time it seems appropriate to me that someone says thank you. So this time I
do that.
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP
On Sunday 08 September 2013 10:29:18 Ole Tange wrote:
> On Sun, Sep 8, 2013 at 12:06 AM, Ingo Klöcker wrote:
> > On Saturday 07 September 2013 23:35:08 Ole Tange wrote:
> >> On Sat, Aug 31, 2013 at 11:46 AM, Ole Tange wrote:
> >>
> >> http://oletange.blogspot.dk/2013/09/life-long-key-size.html
On 9/8/2013 4:32 AM, Ole Tange wrote:
> The short answer: You do not have to trust projection to use the
> other findings. If you have a better projection, use that instead.
I do, actually. If I see that a major part of your write-up is
seriously lacking in rigor, that causes me to suspect the r
On Sun, Sep 8, 2013 at 1:53 AM, Robert J. Hansen wrote:
> On 9/7/2013 5:35 PM, Ole Tange wrote:
>> Feel free to let me know if you feel I have left out important concerns.
:
> You're projecting 87 years into the future. Why should we have any
> confidence in your analysis?
The short answer: You
On Sun, Sep 8, 2013 at 12:06 AM, Ingo Klöcker wrote:
> On Saturday 07 September 2013 23:35:08 Ole Tange wrote:
>> On Sat, Aug 31, 2013 at 11:46 AM, Ole Tange wrote:
:
>> http://oletange.blogspot.dk/2013/09/life-long-key-size.html
:
> but I'm pretty sure it's relevant for the
> battery life of you
On 9/7/2013 5:35 PM, Ole Tange wrote:
> Feel free to let me know if you feel I have left out important concerns.
The good news is that you are not your ideas. Whether your ideas are
good or bad has nothing to do with your worth as a person. A great
paper won't make you a good human being -- I've
On Saturday 07 September 2013 23:35:08 Ole Tange wrote:
> On Sat, Aug 31, 2013 at 11:46 AM, Ole Tange wrote:
> > Why not recommend a key size that will not be broken for the rest of
> > your natural life?
>
> Thanks for all your feedback on the list. I have now summed up the
> concerns raised on
On Sat, Aug 31, 2013 at 11:46 AM, Ole Tange wrote:
:
> Why not recommend a key size that will not be broken for the rest of
> your natural life?
Thanks for all your feedback on the list. I have now summed up the
concerns raised on the list on
http://oletange.blogspot.dk/2013/09/life-long-key-siz
On 09/01/2013 02:45 PM, Johan Wevers wrote:
> Why? What's the advantage of that? I replace keys after they have a
> chance of being compromised, but not before. Same for my mail domain - I
> created a ssh certificate that is valid for 50 years (unlimited was not
> an option) and I'll replace it
On 1-9-2013 14:18, Nicholas Cole wrote:
> In a more ideal world, no one would want a key to last longer than a few
> years, and replacing keys at regular intervals would be the norm.
Why? What's the advantage of that? I replace keys after they have a
chance of being compromised, but not before
On Sun, Sep 01, 2013 at 01:18:12PM +0100, Nicholas Cole wrote:
> On Sun, Sep 1, 2013 at 12:12 PM, Josef Schneider wrote:
>
> > I just use 4096 bit because that is the biggest size my OpenPGP Cards can
> > handle. In my opinion using a smart card instead of online keys increases
> > security far m
On Sun, Sep 1, 2013 at 12:12 PM, Josef Schneider wrote:
> I just use 4096 bit because that is the biggest size my OpenPGP Cards can
> handle. In my opinion using a smart card instead of online keys increases
> security far more than strange large key sizes!
> I also see no point using less than 4
I just use 4096 bit because that is the biggest size my OpenPGP Cards can
handle. In my opinion using a smart card instead of online keys increases
security far more than strange large key sizes!
I also see no point using less than 4096 because modern hardware is fast
enough. Maybe my keys last lon
On 08/31/2013 05:46 AM, Ole Tange wrote:
> The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> recommends a key size of 1024 bits.
>
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG recommends that.
It shouldn't; NIST recommends 2048 bits for 20 ye
On 08/31/2013 08:27 PM, Anthony Papillion wrote:
> Personally, I trust my 4096 bit key for now until ECC is integrated
> into GnuPG. Then, I'll recreate my keys. Looking for a key that will
> never be broken is like looking for the fountain of youth: it's a nice
> idea but not realistic to plan yo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 08/31/2013 04:46 AM, Ole Tange wrote:
> The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> recommends a key size of 1024 bits.
>
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends tha
On Sat, Aug 31, 2013 at 7:41 PM, Ingo Klöcker wrote:
> On Saturday 31 August 2013 11:46:31 Ole Tange wrote:
>> The FAQ
>> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
>> recommends a key size of 1024 bits.
>>
>> Reading http://www.keylength.com/en/4/ I am puzzled why G
On 31-8-2013 11:46, Ole Tange wrote:
> Why not recommend a key size that will not be broken for the rest of
> your natural life?
In that case, I assume 3072bit is sufficient. Making the public/secret
key a little stronger than the session keys (128 bit for most symmetric
ciphers) makes sense (bre
On Saturday 31 August 2013 11:46:31 Ole Tange wrote:
> The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> recommends a key size of 1024 bits.
>
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends that.
>
> Why not recommend a key size th
The FAQ http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
recommends a key size of 1024 bits.
Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG recommends that.
Why not recommend a key size that will not be broken for the rest of
your natural life? (Assuming the
35 matches