[NTLUG:Discuss] OT: Cryptography Key Length
Dennis Rice
dennis at dearroz.com
Sat May 26 16:28:38 CDT 2007
Just wanting to start a general topic discussion regarding encrypting of
a message. I am assuming that all have some familiarity with GPG (alias
PGP) in the open source world.
The old legal limit to encryption using a symmetric key was 56 bits,
and is now 128 if I understand correctly. Today, I am under the
impression that an asymmetric key is equivalent to a shorter symmetric key.
In presenting the GPG process in class the other day, I observed that
the new limits to GPG for key length were between 1024 and 4096 bits (it
used to be 768 to a "recommended" 2048, default 1024). I attempted to
create an 8192-bit key, and the gnupg software said no (nicely), so I
chose a 4096 key length.
OK, all that is great, but how does that fit into the limitations
presented by the law? There are distinct reasons for limiting the key
length by the government (no opinion presented), and I thought it was
128 bits. So how does one have the right to create a 4096 bit key and
not have the feds coming down on us? I sure would hate to see a
limitation to encryption placed on us by limiting the encryption key,
but at the same time, I dislike even more the idea of some drug dealer or
terrorist sending encrypted messages back and forth using a large key
under gpg.
Hopefully a general discussion that might be of interest to more than
just myself. Appreciate your discussion.
Dennis