surveillance, Re: long-term GPG signing key

2006-01-20 Thread Ed Gerck
Ben Laurie wrote: Perhaps this is time to remind people of Security Against Compelled Disclosure: http://www.apache-ssl.org/disclosure.pdf. Thanks. Survelillance technology is now almost 6 years ahead of April, 1999, when the cited Report to the Director General for Research of the European

Re: long-term GPG signing key

2006-01-19 Thread Ben Laurie
Travis H. wrote: I must admit, I just had a duh moment. Why the heck am I expiring encryption keys each year? Anyone who records the email can crack it even if the key is invalid by then. All it really does is crudely limit the quantity of data sent under that key, which is little to none

Re: long-term GPG signing key

2006-01-18 Thread leichter_jerrold
| Even though triple-DES is still considered to have avoided that | trap, its relatively small block size means you can now put the | entire decrypt table on a dvd (or somesuch, I forget the maths). | | | This would need 8 x 2^{64} bytes of storage which is approximately | 2,000,000,000

Re: long-term GPG signing key

2006-01-17 Thread Werner Koch
On Thu, 12 Jan 2006 00:48:05 -0600, Travis H said: All it really does is crudely limit the quantity of data sent under that key, which is little to none anyway. And it has the advantage that people will stop sending encrypted mail to this key after the expiration date. Comes handy if you

RE: long-term GPG signing key

2006-01-17 Thread Trei, Peter
Alexander Klimov wrote: On Wed, 11 Jan 2006, Ian G wrote: Even though triple-DES is still considered to have avoided that trap, its relatively small block size means you can now put the entire decrypt table on a dvd (or somesuch, I forget the maths). This would need 8 x 2^{64} bytes of

Re: long-term GPG signing key

2006-01-17 Thread Guus Sliepen
On Sat, Jan 14, 2006 at 12:30:25PM -0700, Anne Lynn Wheeler wrote: Guus Sliepen wrote: By default, GPG creates a signing key and an encryption key. The signing key is used both for signing other keys (including self-signing your own keys), and for signing documents (like emails). However,

Re: long-term GPG signing key

2006-01-17 Thread Anne Lynn Wheeler
Guus Sliepen wrote: It depends on how it is used. For example, when I sent this email, I typed in the passphrase of my PGP key, authorising GnuPG to create a signature for this email. This comes very close to human signing. I read, understood, approve etc. with the contents of this email.

Re: long-term GPG signing key

2006-01-17 Thread Ian Brown
Travis H. wrote: Why the heck am I expiring encryption keys each year? Anyone who records the email can crack it even if the key is invalid by then. All it really does is crudely limit the quantity of data sent under that key, which is little to none anyway. If your threat model includes

Re: long-term GPG signing key

2006-01-13 Thread Travis H.
I must admit, I just had a duh moment. Why the heck am I expiring encryption keys each year? Anyone who records the email can crack it even if the key is invalid by then. All it really does is crudely limit the quantity of data sent under that key, which is little to none anyway. *bonks

Re: long-term GPG signing key

2006-01-13 Thread Alexander Klimov
On Wed, 11 Jan 2006, Ian G wrote: Even though triple-DES is still considered to have avoided that trap, its relatively small block size means you can now put the entire decrypt table on a dvd (or somesuch, I forget the maths). This would need 8 x 2^{64} bytes of storage which is approximately

Re: long-term GPG signing key

2006-01-13 Thread Rob Skedgell
On Wednesday 11 January 2006 08:04, Ian G wrote: [...] I don't think EC is available for OpenPGP although GPG may have some experimental product in it? RFC2440 has 9.1. Public Key Algorithms has ID 18 as Reserved for Elliptic Curve followed by the statement Implementations MAY implement any

Re: long-term GPG signing key

2006-01-13 Thread Guus Sliepen
On Tue, Jan 10, 2006 at 03:28:49AM -0600, Travis H. wrote: I'd like to make a long-term key for signing communication keys using GPG and I'm wondering what the current recommendation is for such. I remember a problem with Elgamal signing keys and I'm under the impression that the 1024 bit

Re: long-term GPG signing key

2006-01-13 Thread Ian G
Alexander Klimov wrote: On Wed, 11 Jan 2006, Ian G wrote: Even though triple-DES is still considered to have avoided that trap, its relatively small block size means you can now put the entire decrypt table on a dvd (or somesuch, I forget the maths). This would need 8 x 2^{64} bytes of

Re: long-term GPG signing key

2006-01-11 Thread Ian G
Amir Herzberg wrote: Ian G wrote: Travis H. wrote: I'd like to make a long-term key for signing communication keys using GPG and I'm wondering what the current recommendation is for such. I remember a problem with Elgamal signing keys and I'm under the impression that the 1024 bit strength

Re: long-term GPG signing key

2006-01-11 Thread Adam Back
There are a number of differences in key management priorities between (communication) signature and encryption keys. For encryption keys: - you want short lived keys - you should wipe the keys after at first opportunity - for archiving you should re-encrypt with storage keys - you can't detect

Re: long-term GPG signing key

2006-01-11 Thread Ian G
Travis H. wrote: On 1/10/06, Ian G [EMAIL PROTECTED] wrote: 2. DSA has a problem, it relies on a 160 bit hash, which is for most purposes the SHA-1 hash. Upgrading the crypto to cope with current hash circumstances is not worthwhile; we currently are waiting on NIST to lead review in hashes

Re: long-term GPG signing key

2006-01-11 Thread Ian G
Perry E. Metzger wrote: Ian G [EMAIL PROTECTED] writes: Travis H. wrote: I'd like to make a long-term key for signing communication keys using GPG and I'm wondering what the current recommendation is for such. I remember a problem with Elgamal signing keys and I'm under the impression that

Re: long-term GPG signing key

2006-01-11 Thread Anne Lynn Wheeler
Perry E. Metzger wrote: Even in totally ordinary circumstances it is important to have very strong signing keys. Your comments were insupportable. there is a somewhat separate issue having to do with security proportional to risk. minor old posting: http://www.garlic.com/~lynn/2001h.html#61

Re: long-term GPG signing key

2006-01-10 Thread Ian G
Travis H. wrote: I'd like to make a long-term key for signing communication keys using GPG and I'm wondering what the current recommendation is for such. I remember a problem with Elgamal signing keys and I'm under the impression that the 1024 bit strength provided by p in the DSA is not