2047 bit keys in PGP
What is the deal with the 2047 bit keys? How do you produce one? IS it compatible with international versions? -- ==================Douglas Elznic=================== delznic@storm.net http://www.vcomm.net/~delznic/ (315)682-5489 (315)682-1647 4877 Firethorn Circle Manlius, NY 13104 "Challenge the system, question the rules." =================================================== PGP key available: http://www.vcomm.net/~delznic/pgpkey.asc PGP Fingerprint: 68 6F 89 F6 F0 58 AE 22 14 8A 31 2A E5 5C FD A5 ===================================================
"Douglas F. Elznic" <delznic@storm.net> said: DE> What is the deal with the 2047 bit keys? How do you produce one? IS DE> it compatible with international versions? When you do 'pgp -kg', you are asked to pick a PGP key size, and given 3 preselected sizes. You can select one of the sizes, or enter your own choice. Actually, the pgp source will allow 2048, but there is a bug in the DOS version (from the compiler) that limits that one to 2047. The international version is identical to the domestic one, except for the RSA code, so everything is interoperable. There is a hacked version that allows 4096 bit keys, and the supersized keys are incompatible. -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3 Junk email is NOT appreciated. If I want to buy something, I'll find you.
"Douglas F. Elznic" <delznic@storm.net> said:
DE> What is the deal with the 2047 bit keys? How do you produce one? IS DE> it compatible with international versions?
=09When you do 'pgp -kg', you are asked to pick a PGP key size, and given 3 preselected sizes. You can select one of the sizes, or enter your own choice. Actually, the pgp source will allow 2048, but there is a bug in the DOS version (from the compiler) that limits that one to 2047. The international version is identical to the domestic one, except for the RSA code, so everything is interoperable. There is a hacked version that allows 4096 bit keys, and the supersized keys are incompatible.
Are you sure it's a bug in the DOS version? When I did a pgp -kg in my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too created a 2047 bit key instead. Why is there a limit to the size of the key anyway? It's too bad PGP doesn't support any size key (within reason).
Laszlo Vecsey <master@internexus.net> said: LV> Are you sure it's a bug in the DOS version? When I did a pgp -kg in LV> my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too LV> created a 2047 bit key instead. I had heard elsewhere that there was such a bug. My mistake, then. LV> Why is there a limit to the size of the key anyway? It's too bad PGP LV> doesn't support any size key (within reason). As I understand it (which, given my previous error, is in serious doubt), after a point the IDEA session keys become far easier to use a brute force attack on than the RSA keypair. Since I think that increasing the RSA keysize is supposed to double the attack time, if a RSA key size of N takes as much time to break as 1 IDEA key, making the RSA key N+8 bits makes it better to break the IDEA keys of 200 messages rather than the RSA key. Does anyone know if there are comparisons of estimates of the time to break the IDEA session keys used in PGP vs time to break RSA keys of various sizes? -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3 Junk email is NOT appreciated. If I want to buy something, I'll find you.
(sorry if this is a duplicate) Laszlo Vecsey <master@internexus.net> said: LV> Are you sure it's a bug in the DOS version? When I did a pgp -kg in LV> my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too LV> created a 2047 bit key instead. I had heard elsewhere that there was such a bug. My mistake, then. LV> Why is there a limit to the size of the key anyway? It's too bad PGP LV> doesn't support any size key (within reason). As I understand it (which, given my previous error, is in serious doubt), after a point the IDEA session keys become far easier to use a brute force attack on than the RSA keypair. Since I think that increasing the RSA keysize is supposed to double the attack time, if a RSA key size of N takes as much time to break as 1 IDEA key, making the RSA key N+8 bits makes it better to break the IDEA keys of 200 messages rather than the RSA key. Does anyone know if there are comparisons of estimates of the time to break the IDEA session keys used in PGP vs time to break RSA keys of various sizes? -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3 Junk email is NOT appreciated. If I want to buy something, I'll find you.
-----BEGIN PGP SIGNED MESSAGE----- Sten Drescher writes:
Since I think that increasing the RSA keysize is supposed to double the attack time, if a RSA key size of N takes as much time to break as 1 IDEA key, making the RSA key N+8 bits makes it better to break the IDEA keys of 200 messages rather than the RSA key.
Does anyone know if there are comparisons of estimates of the time to break the IDEA session keys used in PGP vs time to break RSA keys of various sizes?
Off the top of my head, the figure I have usually heard quoted puts RSA at about 100 times slower than your average symmetric key algorithm. So ignoring key setup, I would expect an extra factor of 100 in the brute forcing time for RSA over IDEA. I don't believe it's worth spending much time worrying about your RSA key size. If you pick some decent size (1-2k), it's likely that RSA itself will have been broken, or your key compromised by some other means, before any direct brute force attack will succeed. Futplex <futplex@pseudonym.com> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMOsKNCnaAKQPVHDZAQHIRgf/ZS29BnGaZ60PeMlhIoniETAtI2VYNstM yFV6tl5w1Kzu9Q2TcJk/tdpW9QVbWOrB2IMdELBrk1urcYBS6YUBXcAlI7UhinA9 sapoZpz3WUCnRdb/64HkGFsOYgEVyVjsrrmu+M2RUUNRnOwWSS0KFAz8GYqj83ry xSpvrRNJPqCNARBsh9VPKgrRS1qNH5Zc1Tyu5Dr/E3OiQkzVCqHhQYYDj/PCESLL Y1Sly6n133Jq8J3TWoXAzeNKAOwy4tLz6TFn63OgbfcnTp1hndsMlIwCN3tzn9el T7b4LBMeVq2hXVkmotE0BURW7Phuckpmk1Xiow3vBXFMRxWPFz6lOg== =Njig -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- In article <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net> master@internexus.net (Laszlo Vecsey) writes: Are you sure it's a bug in the DOS version? When I did a pgp -kg in my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too created a 2047 bit key instead. Why is there a limit to the size of the key anyway? It's too bad PGP doesn't support any size key (within reason). Regarding the unix version, what sort of processor is the machine running? We noticed on a 486 running linux, with a vanilla MIT release pgp, that it made 2047 bit keys when prompted for 2048. However, after compiling the same code on a SunOS 4.1.3 it had no problems making a 2048 key, though it took significantly longer due to differences in the how the operating systems function. Also, most of the unix machines I work on now are running hacked versions which will handle up to 4096 bit keys, so I could handle all of my keys relatively painlessly (and because I was curious about the code in pgp itself). In any case, that's about all I know on the topic, check the architecture of the machine your shell account is on, and if you have access to a sun, you might try it there. If you really want larger keys just poke around in the code, it's not that hard of a feat to accomplish. - ----BEGIN PGP SIGNED HEADERS---- From: "Marc Martinez" <lastxit@alphachannel.com> To: cypherpunks@toad.com Subject: Re: 2047 bit keys in PGP Date: 03 Jan 1996 18:49:44 -0600 Message-ID: <wtbuokpyvr.fsf@arrakis.alphachannel.com> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQDVAwUBMOskKHutHIVnrGOxAQGvIAYAwU7RJkBu33HXd7g1V1DtH7p8cXTwpral lrYDCQDwRflxJUeNRAGUvL5cnfCGP0SGLcolkw4bsia92JtooyBrPhzNkAvh56O7 r9cXNb7EVnZIhEbgc5aVwa2BBSNgsbXNMYKhXmknrCkIUdBvIAf539xzkq5CXQQS 4ht8zhNku9UhAtuwNKa85zxUW+xmGdHX5kVn+aVAWUByxw5ndXq0aQkGFU7W9PVq Vr/qLVrMheMMgIWw9w86ZQnz7UmWbWht =vl/U -----END PGP SIGNATURE----- -- Marc Martinez "Sleep is unnecessary in the presence of more espresso." lastxit@mindport.net Key fingerprint: PGP public key available 47 AD 25 FF C2 B7 F8 57 C5 B6 2E B3 5E 98 A5 DE by finger or keyserver
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 3 Jan 1996, Laszlo Vecsey wrote:
"Douglas F. Elznic" <delznic@storm.net> said:
Are you sure it's a bug in the DOS version? When I did a pgp -kg in my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too created a 2047 bit key instead.
This is correct. I believe there are some UNIX flavors under which U.S. PGP can generate 2048 bit keys. However, most only allow 2047 bit keys. The international version does not have this bug.
Why is there a limit to the size of the key anyway? It's too bad PGP doesn't support any size key (within reason).
I really don't see the point of using a key larger than 2048 bits. Any larger key would actually be harder to factor than brute forcing the IDEA keyspace. Very little security would be gained from using a key larger than 3000 bits. Of course, one can always argue that improved factoring methods would require that an RSA public key be longer than 3000 bits to have equal security to IDEA. However, I doubt that factoring methods will improve that much. A 2048 bit key should be more than enough security for most applications. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMOrkUbZc+sv5siulAQFWJgP+IlKURN3TtdXrqzLf3vCrva1tYkYC/lZU fIOlk5Cvnt9wpm/huZKu/nESvFmJutoTbZVvJz1EPglLc1YrAlo4xyWTJZgwMpgv khXzkEMaPludU1qfKowaM0qqeSHv80zSB97Mq0SbqNEPyM2K0r+gDobSjUgwKQCQ Mb5D9L3hTLA= =CDHg -----END PGP SIGNATURE----- finger -l markm@voicenet.com for PGP key http://www.voicenet.com/~markm/ Fingerprint: bd24d08e3cbb53472054fa56002258d5 Key-ID: 0xF9B22BA5 -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GAT d- s:- a? C++++ U+++>$ P+++ L++(+++) E--- W++(--) N+++ o- K w--- O- M- V-- PS+++>$ PE-(++) Y++ PGP+(++) t-@ 5? X++ R-- tv+ b+++ DI+ D++ G+++ e! h* r! y? ------END GEEK CODE BLOCK------
participants (6)
-
Douglas F. Elznic -
futplex@pseudonym.com -
Laszlo Vecsey -
Marc Martinez -
Mark M. -
Sten Drescher