multiple subkeys and key transition
Faramir
faramir.cl at gmail.com
Fri Dec 10 03:21:20 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
El 09-12-2010 16:17, Robert J. Hansen escribió:
...
> It is unlikely it ever will. 3K RSA keys are believed to be equivalent
> to a 128-bit symmetric key. If computational power ever develops to
> that point, the solution is going to involve moving to entirely
> different algorithms instead of just tacking on another couple of bits.
I might be wrong, but I remember Bruce Schneier used thermodynamic to
show it is not feasible to brute-force a 256 bits key, because the
energy required to do it would be too much (like all the energy
generated by the sun for several years, or something like that), even
considering the computer used is fast enough, and doesn't lose energy as
heat. It was somewhere in "Applied Cryptography, 2nd Ed." (search by
"Thermodynamic Limitations" title). But of course, a flaw in AES would
be a very different problem.
Now, I'm not advocating for the usage of 32,768-bit RSA keys (nor
tweaking GnuPG to allow 8,192-bit keys), but I was thinking... What is
the key length of the OpenPGP implementation of Twofish? (I put Twofish
as an example, because of the for-now-useless flaws in AES 256). If it
is 256 bits, and provided the algorithm doesn't have flaws (or given it
doesn't get as much attention as AES, the flaws remain undiscovered), we
would already have "the ultimate symmetric algo" available, so we might
want to use the strongest asymmetric size currently available.
And a question: does the computation power required to factor RSA keys
increase in lineal or more-than-lineal way?
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJNAY6gAAoJEMV4f6PvczxAdpQH/i+nbcvE4RHOvjRQT2KBsKnT
sdHYIgcU1B0TtEYeyWBDDwTY73przqnrtQ792WAjVvTjde5vhVkYdg6q8rJ7520D
oNBEIkNarpWOoHC/ubqsTNq0mCKlqjH5xXq2vD0ATHbwiTGGErxbCZmn+IxEt2J1
aNGSfEho2LiAozzYVGZDPXFK6qQnk5JPlwEhJSYND30XEDIaLr0nDsdzBirsYv/g
/27WfcKWcAWQ54rBZ2J43W2sxCOEOk5TJh6S4XYHBf3gL5ZXBBj60MUXCdGg4N5T
maRL1xMDGpTBbOn45gBYfQ38nYi28HkFYgOlzTBcHoVKUciFoDB5ui7zmeHKchk=
=IzV+
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list