Re: ECC in OpenPGP
2010-09-02 16:43:54
To rephrase what Jon, said, it makes no sense to set AES 256 as first
preferred cipher in 2048 RSA PGP key preference lists, as is commonly
done (example: default in gpg2 --gen-key). Also note that mentioned
2Kbyte field is per recipient in each of encrypted messages. The pref.
change is a practical method to save CPU time without sacrificing security.
NIST is working on SP 800 131, in which RSA 2048 is the minimum allowed
algorithm, corresponding to 110 bit security. The document suggests to
disallow PKCS#1.5 padding after 2013. If we are going to address this,
it makes sense to do such a significant change together along with ECC,
as specified in http://sites.google.com/site/brainhub/pgp.
The importance of ECC raises if you believe that future computing
environment will be more diverse and shift more toward weak mobile
devices. Whether or not you believe in ascent of quantum computers, why
not get that number of Q-bits higher anyway.
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: ECC in OpenPGP,
Andrey Jivsov <=
|
|
|