Re: encryption algorithm

Tue, 17 Dec 2013 14:06:29 -0800 

so strong algorithms by default is a good idea.


Yes, which is why RSA-2048 is recommended.


I don't understand the reasoning by which you have concluded that I am  
advocating RSA-1024.  I'm not.  I think the default of RSA-2048 is a  
good one.  I'm only saying that for most users and most purposes,  
RSA-1024 is sufficient; to reach "virtually all users" and "virtually  
all purposes" we have to move to RSA-2048.



I'm not sure how you get this claim from these reports...



Simple: I'm human and I misremembered NIST's "secure until 2030" as  
"secure for 30 years".  :)



what it looks like to me.  For example, ECRYPT 2012's report sees
2432-bit RSA as equivalent of 112 bit symmetric cipher, which it claims
is acceptable for ≈20 years.  Please see section 7.2:



NIST's guidance says 2048-bit RSA is equivalent to 112 bits of  
symmetric cipher, as does ENISA and RSADSI.  ECRYPT is certainly free  
to come up with their own metric; they're a competent outfit.  But  
let's acknowledge that ECRYPT's opinion is a minority one, rather than  
cherry-pick an outlier opinion and declare it to be authoritative.



According to ECRYPT 2012 (same report referenced above), RSA 1024 falls
in at the equivalent of about 73 bits of symmetric cipher.  According to
the authors, this is  "Short-term protection against medium
organizations, medium-term protection against small organizations", not
"a First World government".



NIST puts it in at 80 bits.  Let's not forget how long it took the  
RC5-64 project to exhaust a 64-bit key.



Can it be broken?  Sure.  Easily?  No.  If you're worried about Google  
being able to mine your message for targeted ads, that's plenty  
enough.  If you're worried about your local sysadmin reading your  
personal mail, that's plenty enough.  If you're sending Vladimir Putin  
slashfic to a Russian publisher, maybe you should rethink using such a  
short key.



While i don't agree with adrelanos' entire draft, i do agree that the
default key size for gpg should be larger.


Yes.  You've made this opinion abundantly clear many times.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



























					Reply via email to