Linux crypto killer application

David Picón Álvarez david at miradoiro.com
Thu May 15 21:48:20 CEST 2008


From: "Robert J. Hansen" <rjh at sixdemonbag.org>
> Some of Mark Twain's writings are not to be released until 2010.
> [shrugs]  The presence of outliers proves nothing other than there are
> outliers.  The general point I'm making remains: I consider it an
> unproven, unfounded, and overly broad assertion that most people have
> secrets they want kept for the duration of their lives.

From the patterns of use of crypto most people don't have any secrets worth 
bothering with, and most people don't want their e-mail kept secret. Maybe 
under this logic GnuPG shouldn't exist. I assert that if GnuPG can serve a 
set of users without causing harm to anyone and complicating the design 
(which permitting longer keys wouldn't do) it probably should.

> This is Ron Rivest we're talking about here -- one of the brightest
> lights in modern crypto.[*]  If Ron's predictions have a track record of
> failure, and so does everyone else's, then why are we taking the "16kbit
> for a century" predictions seriously?

Because it is probably a fairly good lower bound.

> Apparently you haven't used an iPhone.  The iPhone supports IMAP, and a
> lot of computer geeks I know have their iPhone set up to monitor their
> inbox.  It's an awful platform to write emails from, but it's very
> useful for mobile work.  Porting GnuPG to the iPhone would be fairly
> straightforward -- writing a GnuPG plugin for the iPhone's mail client
> would probably not be too hard -- but waiting five minutes for the
> iPhone to number-crunch a 16kbit key would be excessive.

1) Did you have to choose the iPhone, one of the most free-software-hostile 
platforms ever, to exemplify smart phones? 2) Are you sure RSA 16k would 
take that long to run? Those microprocessors are getting pretty decent these 
days. 3) Like it or not, smart phones are not to be considered, for now, 
general purpose computers. They can do many things, but not everything 
expected from a computer at this point.

> Mobile is where things are at nowadays.  A good cell phone is a
> surprisingly powerful computer, comparable to a desktop of a decade ago.
> It has great connectivity and you can easily get tens of gigabytes of
> storage attached.

Yes, and probably not too far in the future it will be able to do RSA 16k in 
reasonable time if it can't today.

> Don't be fooled by the small displays and awkward user interfaces.

Beware the SDK terms though.

> Ask yourself this question: "why, then, is the original poster
> recommending the use of RSA, when all that's needed is symmetric crypto?"

RSA is more flexible. Easier to protect several documents, easier to have 
shared secrets, etc.

> The more we focus on adding another few bits to our keys, the less we
> focus on the human factor.  That's where your attention needs to go when
> it comes to long-term security.  People talk.  They always do.

I don't think that's actually true. In the margin, we should be using 512 
keys because that way we can focus more on human security issues. Reductio 
ad absurdum, but you see my point: deciding to have an RSA 8k key or RSA 16k 
key doesn't particularly detract from placing emphasis on other measures of 
human-related security.

--David.
