cryptofaq
Darrin Chandler
dwchandler at stilyagin.com
Sun May 13 15:22:24 MST 2007
On Sun, May 13, 2007 at 01:24:30PM -0700, der.hans wrote:
> >I'm admittedly a little slow this morning, but I haven't made any
> >connection between Phoenix and that web page. Interesting read, but I'm
> >curious what the connection is...
>
> There isn't one that I know of. We get questions about SSH and GPG on the
> list. I think that FAQ will be useful for those interested in knowing more
> about what types of keys to use.
Yes, we do. Since my last GPG post I installed Enigmail at work (where I
use Thunderbird), and noted that signing someone else's key is a trivial
operation there, as well as in straight GPG.
A thing that I think many people might miss, in both, is to upload the
signed key once you've signed it. This makes the signature available to
others, which is a major point...
> The Phoenix comment was about the heat generation from throwing out bits.
>
> http://www.sixdemonbag.org/cryptofaq.html#entropy
>
> Guess I should've given more intro into why I was posting the link.
Ah! Got it. By the time I'd read that far I was too far into it to get
the connection.
> It made sense to me that anyone who'd read it would find it interesting. I
> guess I just forgot that I was posting the link for people who hadn't yet
> read it...
>
> For those who haven't yet looked at the link the author describes
> relationships between different types of problems and how they apply to
> cryptography. He also goes into the resources needed for brute force
> cracking of keys and uses that back up his opinions on the viability of
> brute force cracking of keys.
>
> At the end he makes recommendations for what types of ciphers to use and
> how many bits to have in a key for the ciphers and includes some
> explanation of why he makes the recommendations.
I found it interesting and informative, though I disagree with a couple
of his conclusions. But he could be right and I could be wrong... but,
then again, that's the whole point. We really have no good indication
how good the NSA or other groups are. We can speculate, but we don't
know.
On other fronts, he's dead on. Choosing astronomical key sizes isn't
going to help. The cyphers have an inherent strength, which may be
weakened by small key sizes or reduced rounds, but increasing key size
or number of rounds doesn't always improve things.
In any case, nice link!
--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
dwchandler at stilyagin.com | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
More information about the PLUG-discuss
mailing list