
-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jul 1996, David F. Ogren wrote:
> Despite the above, there are convincing arguments for longer RSA keys. Instead of asking "Why should we have longer keys?", perhaps we should be asking "Why _shouldn't_ we have longer keys?"
>
> In a hybrid cryptosystem such as PGP, very little of the computational process is consumed by RSA encryption. Only a tiny fraction of the message is RSA encrypted (the session key), and thus the time-critical operation is the symmetric crypto system (IDEA for PGP).
>
> As an experiment, generate a 2047 bit PGP key and a 512 bit PGP key. Encrypt a file (preferably of a reasonable size) using both keys. Depending on the computer you are using, the time difference between the two keys will be a matter of a few seconds or even a fraction of a second.

Now try decrypting the file, or signing another file. I have a 486-66 which is now considered hopelessly sluggish by today's standards. It takes about 5 seconds, while doing the same operation with a 512-bit key takes less than a second. I sign every one of my messages, so such a time delay gets quite annoying. I do have a 2048-bit key and encourage people to encrypt messages with it, but I won't be signing messages with that key anytime soon unless there is a much faster mpilib for PGP.

Other than that, I do completely agree with what you have written.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeKcCLZc+sv5siulAQERzwP/UblIctGSBcQ+ZPxvhBchcUoEfaERUHcN
GKdJhZGV5Pb2GeQfAhG3Hsn0eHMKJFNP1AgB4Q6E4VoOhQzfOClOd4x3m9DOEmCC
ezJFg7/YxlJ7kzk8e8XYD6pXKYMWGLlsQi6lrS0wZcmsi6rmWGqr7ao7tlQA9+vg
rxNCd30uw6Y=
=yZm+
-----END PGP SIGNATURE-----
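
The asymmetry discussed in this exchange, as an added example that is not part of either poster's message and is not PGP's code: it times the RSA public operation (encrypt, verify) against the private operation (decrypt, sign) at 512 and 2048 bits. Assumptions: textbook RSA without padding or the CRT speed-up, a small public exponent of 17, and throwaway keys from a seeded generator.

```python
import random
import time

rng = random.Random(1996)  # fixed seed: throwaway demo keys only, never real ones

def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test for odd n > 3."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, e):
    """Random prime with the top two bits set and gcd(e, p - 1) == 1 (e prime)."""
    while True:
        p = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if (p - 1) % e and is_probable_prime(p):
            return p

def time_op(base, exp, mod, reps=5):
    """Best-of-reps wall-clock seconds for one modular exponentiation."""
    best = float("inf")
    for _ in range(reps):
        t0 = time.perf_counter()
        pow(base, exp, mod)
        best = min(best, time.perf_counter() - t0)
    return best

def benchmark(bits, e=17):  # e = 17 is an assumed small public exponent
    p, q = gen_prime(bits // 2, e), gen_prime(bits // 2, e)
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    m = rng.randrange(2, n)   # stands in for a padded session key or digest
    c = pow(m, e, n)          # public operation: short exponent, cheap
    assert pow(c, d, n) == m  # private operation: full-size exponent
    return {"bits": n.bit_length(), "public": time_op(m, e, n),
            "private": time_op(c, d, n)}

if __name__ == "__main__":
    print(benchmark(512), benchmark(2048))
```

The public-operation time barely moves between the two sizes, while the private-operation time grows roughly with the cube of the modulus length, which is why encrypting to a long key is cheap but signing with it is not.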