On 01/04/2013 04:00 PM, jbar wrote:
On Fri, 04 Jan 2013 11:56:36 -0800 Andrey Jivsov
Should we rather say that the _practical_ value is about 60 (it's not to
say that 2^60 is that practical, but that there is an expensive but an
actionable attack plan). The following post leads the reader to the
In either case, humans are less than 2^33 todays and this number should not
increase so much in the next decades. Even if each living human use OpenPGP
and more than a dozen of keys, we are far from 2^60 or 2^51...
I think you're trying to analyze this in a scenario where you want to
establish equitable sharing of limited resources among cooperating peers.
This is not the scenario the OpenPGP specification needs to concern
itself with. Rather, the OpenPGP specification needs to be concerned
with providing cryptographically strong guarantees in the face of
malicious and well-funded adversaries.
That is, it's not enough to say that we have enough to go around. We
need to show that the search space is large enough (and the digest
strong enough) that someone can't come up with a new key that matches
the fingerprint of your key, even if they have millions of dollars and
powerful computers at their disposal.
Description: OpenPGP digital signature
openpgp mailing list