SSH Agent keys >4096 bit?

Milo gnupg at oneiroi.net
Sat May 5 16:17:58 CEST 2012


On 05/05/2012 03:13 PM, Robert J. Hansen wrote:
> On 5/5/12 8:57 AM, Milo wrote:
>> "Derivatives of Shor's algorithm are widely conjectured to be effective
>> against all mainstream public-key algorithms including RSA,
>> Diffie-Hellman and elliptic curve cryptography". I'm not considering all
>> of them. I used more general expression.
> 
> In that case, everything you're advocating is confusing me.  Yes, if and
> when QC comes along many existing systems will need to be considered
> suspect.  However, if you're concerned about QC you will get far more
> mileage from switching to a QC-resistant asymmetric algorithm than from
> adding a few bits to your RSA key.  Why all this focus on longer RSA
> keys as a response to QC?  It makes no sense at all.

You are mixing two topics:

Need of a security margin better than provided by one of the common, widely
used asymmetric algorithms using a 4k key

and/with

possible impact of QC on asymmetric ciphers in general.

The second topic was started indirectly by you with "tap on nova's energy
output" and my reply to this part has not much to do with the first part.

>> But I don't think that biggest proponents of longer asymmetric keys are
>> such kind of guys. Your approach advised to this hypothetical person is
>> more like tao of using encryption than a set of objective rules.
> 
> That's because there are very few objective rules.  Computer security is
> dominated by the human element, and human beings do not tend to strictly
> follow objective rules.

Hmm. Not sure if I can agree with you here. This is something I must
think about.

> When it comes to crypto, yes, we can say certain things with great
> mathematical certainty.  The instant that crypto gets fielded, though,
> the math becomes the least important part of the equation.  The human
> element becomes overwhelmingly dominant.
> 
>> But lacking bigger margin of security because of limited key space.
> 
> NIST has certified 3DES until 2030: it is quite likely that in 2030 3DES
> will be certified for another couple of decades.

Guesswork.

>> Check 3des history for details (
>> https://en.wikipedia.org/wiki/3des#Keying_options ).
> 
> I did, and I don't see anything in there that are ugly hacks or
> backwards-incompatible.  Choose your keying option (three-key being
> preferred), stick with it and you're done.

"(...) This improves the strength of the algorithm when using keying
option 2, and _provides_ _backward_compatibility_ with DES with keying
option 3."

If you aren't OK with this view - fine. Can't help it. The fact is, the
simpler and more transparent a cipher is, the easier its security
evaluation is. Simplicity in cryptography is often practical.

-- 
Regards,
Milo



More information about the Gnupg-users mailing list