ietf-openpgp
[Top] [All Lists]

Re: Restricting key sizes to mult of 64 bits

1999-04-16 07:17:44
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


At 10:09 PM 99/04/14 +0200, you wrote:
hal(_at_)rain(_dot_)org writes:

At the same time, we are considering requiring that 
newly generated keys of the other types, ElGamal 
and RSA, also be multiple of 64 bits (note

I can agree on a multiple of 8 bits but I don't the 
an advantage to use any other value.

Why?

For a given maximum key size, this restriction cuts
the available key space in half, approximately. What
effect does it have on the difficulty of an attack?

to do the RSA calculations.  As it turned out, CAPI 
had a bug which prevented it from working properly 
with unusual key sizes.  Those users weren't able 
to use their keys with the CAPI version.

Working around bugs in one companies new product is a 
Bad Thing to do. 

Discovered errors are an indicator that additional, 
latent errors are likely to exist. The fringe cases 
are often the ones which encounter the errors. If we 
do not permit "odd" key sizes, or other inconvenient 
usage, then we may allow sloppy practices which 
ultimately might jeopardize the security of the user.

There are many other issues we could fix for them by 
changing the standards ;-). 

Adding workarounds for some products which are around 
for a long time is a different thing.

Yes. A warning to the user, or a documented
configuration option, is a much better solution.


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQA/AwUBNxdE1d3xSrdLzmIWEQIC/QCglPlmDWGK1lFvKHgv9I+0e8TvXkwAniSS
zfdv4rzgNA1/tourvMQ5l0BO
=g6pw
-----END PGP SIGNATURE-----