On Tue, May 29, 2001 at 12:06:28AM +1000, Tom Nott wrote:
> I've been a long-time list lurker, but these questions have finally
> gotten me to pipe up. I know they're not directly Linux questions, but I
> asked on the gnupg-users list and got ignored. Any and all help
> appreciated.
Well, I may be able to help.
> I've just started using GPG and have the following questions:
>
> What do the characters in the set "+.>^" mean during key generation?
It has been a while since I last checked but it is either an indication
of the result of the primality test or the type/amount of entropy
gathered.
Then again it could be line noise.
> Which are the times during key generation during which munging the
> keyboard would have maximum effect? Is random data gathered only at the
> beginning of the gen-key process, or all the way through?
GPG, on Linux, doesn't actually use the keyboard but makes use of
/dev/random. So you can actually just let it sit in the background
without touching the keyboard and your machine will gather entrophy
to stir into the pool.
banging on the keyboard will increase the amount of entropy in the
pool
> How much longer does it take to encrypt/decrypt using a 4096 bit key
> than a 1024 bit key? Am I right in thinking that it's only the session
> key that gets encrypted with the 4096 key, so it shouldn't affect
> encryption times too much?
Actually it is the session-key and integrity check as well. If you are
talking about common GPG use; then you'll find signing is what you'll
be doing more of.
I can't quantify the time difference between 4K and 1K keys but to say
it'll be 'noticable' even when signing. And that is only a small piece
of data.
> By how much are the size of signatures affected?
unknown, sorry.
> Are these two factors the only reasons why keys > 2048 bits are not
> recommended?
No, there a couple:
- larger keys *significantly* longer to generate.
a 2049 bit potentially takes twice as long to generate as a 2048
- keys should be set to expire periodically; large key sizes
often lull people into a sense of complanency
- key attacks are very rare; they are much more likely to use
hardware devices to see the cleartext of what you type
- large key sizes are well tested; you may actually be getting
less security than you believe
>
> Please point me at TFMs as appropriate. I've looked at "The GNU Privacy
> Handbook" and didn't find my answers there.
I actually found the handbook to be fairly good; I'd recommend
Bruce Schneier's 'Applied Cryptography' as a good reference.
Anand
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
