Re: [openpgp] Upgrading PGP Keysize from 4096 to 8000

ericwrightsd619@proton.me Fri, 19 August 2022 12:34 UTC

Return-Path: <ericwrightsd619@proton.me>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAD0BC14F747 for <openpgp@ietfa.amsl.com>; Fri, 19 Aug 2022 05:34:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=proton.me
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfAHgJj9eMX4 for <openpgp@ietfa.amsl.com>; Fri, 19 Aug 2022 05:34:51 -0700 (PDT)
Received: from mail-40138.protonmail.ch (mail-40138.protonmail.ch [185.70.40.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF511C14CF03 for <openpgp@ietf.org>; Fri, 19 Aug 2022 05:34:50 -0700 (PDT)
Date: Fri, 19 Aug 2022 12:34:43 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail; t=1660912486; x=1661171686; bh=dCwUYjNkHwYtO/NJrCtYp6R5zjx8I3Ho7Y9QtRtt3M0=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=Koa5FYAsND0mmqFK5QsguCr7Kjw7s1N0GneBB2UaUwD/j20vbfjekPHS8Q5t3yT7i u4z9E411nbzfbIV/8NrVYJK4p5j233IQ23O6MpP9Swuimk29N58Mh8WMItRqmVsQzI x9+rWSsEYe3hrrScIi53kaHo3TxFyLweexloAV33SWJpN1bv0RZncDhjVdvFlpEtu8 ipLf3xDa/tVOAUZUnx+Mc9L2m7V8+5WGjPS+NoLPG8kLsV+q3QFtVKRBCV45Xfh7OG nON8mEPiPUM9e5gXNc2E8TEmr3BF2YlGEiNqIz5DNI9olRXwcLE9IC1vl1+9GYynHp hF1/zP9UCMz2g==
To: phill@hallambaker.com
From: ericwrightsd619@proton.me
Cc: openpgp@ietf.org
Reply-To: ericwrightsd619@proton.me
Message-ID: <Eeiad7qJ0brP4vND_KOHpPvc2WJiJPLY0YYVNsHdymCeQUwW9fDysawHdcw5Rb_QEaAWlGMVW6a6J5aUiuO1SbO3G2EGoyvT3zS35vui82Y=@proton.me>
In-Reply-To: <CAMm+Lwhxom+Pk0tin-7ax_seQY=Dp3nKyKnBBnUdGq_XNMY+xg@mail.gmail.com>
References: <uItahvLyOD6ao4d1fJRya5ERg96Qgr8woAwKMu06pyaUaCWRPcaYLzLFjJCORVcfGLSQ9tAYl-m0rWWJlo7K38uQ62H9MYk0QVKYpGl4XGI=@proton.me> <CAMm+Lwhxom+Pk0tin-7ax_seQY=Dp3nKyKnBBnUdGq_XNMY+xg@mail.gmail.com>
Feedback-ID: 53067241:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_BuumeNC7qsvuExaJ743RpHVZ2C3LSA1TQtEcwYC0XcM"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kGjQOEM28zgD0ljDA1iQViLK7fM>
Subject: Re: [openpgp] Upgrading PGP Keysize from 4096 to 8000
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2022 12:34:55 -0000

How do I utilize ECDH? Just generate a pgp key with the ECDH algo? Thanks for your detailed answer.

Btw, what do you think of Wireguard?

And what do you think of Twofish and Serpent ciphers? I've always found those interesting.

Sent from Proton Mail mobile

-------- Original Message --------
On Aug 18, 2022, 6:04 PM, Phillip Hallam-Baker wrote:

> On Thu, Aug 18, 2022 at 11:32 AM <ericwrightsd619=40proton.me@dmarc.ietf.org> wrote:
>
>> Hi, as technology gets faster we must increase our keysizes preemptively to ensure future-security.
>>
>> I am suggesting increasing the PGP MAXIMUM keysize to double the current maximum. A larger key could be twice as secure, and would only take a few seconds longer to encrypt a message.
>>
>> please increase the pgp keysizes.
>
> No, switch to ECDH, it is more secure.
>
> The problem with RSA is that the key size is subject to diminishing returns. 1024 bits only gives you a work factor of 2^80. Doubling that gives you only 2^110. You have to go to 3096 to get to the 2^128 bit work factor we are comfortable with and to get 2^256 you need over 16,000 bits.
> Longer key sizes are unlikely to improve quantum cryptanalysis either. While the super-cold machines being built by IBM and Google are slowly improving and we could reasonably hope for RSA3096 to remain safe up to a decade after Curve25519 falls, that is unlikely to be the architecture that wins the race. It is subject to diminishing returns and some hard limits on keeping things cold. If there is a Quantum cryptanalysis threat, it will come from the trapped ion machines and those can be made with regular VLSI processes if they can be made at all. So what that means is the first production devices are likely to have tens of thousands to millions of qbits.
>
> Bottom line is we should forget RSA at this point and work on use of Threshold and PQC systems.