public key 1024 --> 2048bit - PGP

This is a discussion on public key 1024 --> 2048bit - PGP ; Hi all, i hope i am right here. I have the following situation: I have a public key with a 1024bit encryption, but now there is the problem that 1024bit is not save any more. So i want to change ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: public key 1024 --> 2048bit

  1. public key 1024 --> 2048bit

    Hi all,

    i hope i am right here. I have the following situation:

    I have a public key with a 1024bit encryption, but now there is the
    problem that 1024bit is not save any more. So i want to change my public
    key to 2048 (or better to 4096bit).

    As i guess, this will not be very simple, so i found the option with
    "addkey". Does this work for me? What would you do? Creating a brand new
    key and sign both?

    TIA!

    Best regards,

    da didi
    --
    14:35:31 up 3:38, 1 user, load average: 2.87, 2.51, 1.79
    Michael Diederich Gentoo Linux 2.6.3-rc2-gentoo
    Oberster*Mengenleerer *des* Ordens* der* Dunklen*Seite* von* de.ALL*[tm]
    ICQ: 162017197

  2. Re: public key 1024 --> 2048bit

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Michael Diederich wrote in
    newsb91h1-btj.ln1@leafnode.md-d.org:

    > Hi all,
    >
    > i hope i am right here. I have the following situation:
    >
    > I have a public key with a 1024bit encryption, but now there is the
    > problem that 1024bit is not save any more. So i want to change my
    > public key to 2048 (or better to 4096bit).
    >
    > As i guess, this will not be very simple, so i found the option with
    > "addkey". Does this work for me? What would you do? Creating a brand
    > new key and sign both?


    A 1024 bit key is still secure.

    The manual describes both how to generate new keys, and how to generate
    new subkeys.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQD53pGDeI9apM77TAQLlPwf/cJRFF54Pj6stiaCzKOA71VHSIkLE1VtL
    MV+ETbMjd1q3sBiVpG11Jr5k7npKpyfXMLG+eCaNFOJdjDVNTF G230xmZyAGLIdu
    9FcN0qlB02X1XoeLnqAiO279YNRkczzdWtaT8iT43ruCdkzEUQ +QcFD4xDI7J3El
    IPQKsdKaihX1fwQuxZAKzFCwkkCJURDQlnbeIiGl4qtudyBuJd CTsGVs/doCyT3k
    /eN1GinEPXSQr7kIZlzf/prRIgZ95tJX3cYzdVab7jNHVz96xJpa0Yk5eDyxz6Hy
    b0V60yED+j2QSXxMIi19rXsBSgiwWGv7qxtmkkZh6TXXiktiRJ LP7Q==
    =188X
    -----END PGP SIGNATURE-----

  3. Re: public key 1024 --> 2048bit

    begin -<[Tom McCune * Thu, 26 Feb 2004 22:48:04 GMT ]>-

    > > I have a public key with a 1024bit encryption, but now there is the
    > > problem that 1024bit is not save any more. So i want to change my
    > > public key to 2048 (or better to 4096bit).
    > > As i guess, this will not be very simple, so i found the option with
    > > "addkey". Does this work for me? What would you do? Creating a brand
    > > new key and sign both?

    > A 1024 bit key is still secure.


    Well, the way to calculate the numbers is found, one year for a 1024bit
    key.

    > The manual describes both how to generate new keys, and how to generate
    > new subkeys.


    But then i am still signing and decrypting with the old 1024bit key, or? I
    will try to find a better manual on my native language - thanks for you
    reply.

    Best regards,

    da didi
    --
    17:15:08 up 1:39, 1 user, load average: 0.43, 0.51, 0.45
    Michael Diederich Gentoo Linux 2.6.3-rc2-gentoo
    Oberster*Mengenleerer *des* Ordens* der* Dunklen*Seite* von* de.ALL*[tm]
    ICQ: 162017197

  4. Re: public key 1024 --> 2048bit

    Michael Diederich writes:

    >> > As i guess, this will not be very simple, so i found the option with
    >> > "addkey". Does this work for me? What would you do? Creating a brand
    >> > new key and sign both?

    >> A 1024 bit key is still secure.

    >
    > Well, the way to calculate the numbers is found, one year for a 1024bit
    > key.


    Do you have any links to show this "one year"?

  5. Re: public key 1024 --> 2048bit

    begin -<[Billy O'Connor * Fri, 27 Feb 2004 16:56:43 GMT ]>-

    > Michael Diederich writes:
    >
    > >> > As i guess, this will not be very simple, so i found the option with
    > >> > "addkey". Does this work for me? What would you do? Creating a brand
    > >> > new key and sign both?
    > >> A 1024 bit key is still secure.

    > >
    > > Well, the way to calculate the numbers is found, one year for a 1024bit
    > > key.

    >
    > Do you have any links to show this "one year"?


    http://www.wisdom.weizmann.ac.il/~tr...pers/twirl.pdf

    I just read the german "Datenschleuder" of the chaos computer club Germany:

    | TWIRL-basierte Hardware für nur 10 Millionen Euro erlaubt es, den
    | Siebungsschritt für eine 1024-bit Zahl in einem Jahr durchzuführen
    | [..]
    | Zur Faktorisierung eines 512-bit Modulus reichen TWIRL-basierte Hardware
    | für nur 10.000 Euro und weniger als 10 Minuten Zeit.

    For 10 Mio. Euro the hardware needs one year for a 1024bit number. For
    10.000 Euro and just 512bjt the hardware needs 10 minutes.

    | Das Verfarhen ist beliebig parallelisierbar. Dies bedeutet, dass wer
    | beispielsweise 12-mal so viele Hardware verwendet (für 120 Millionen
    | Euro), braucht nur einen Monat Zeit.
    | Die teure Hardware ist nicht nach einer Faktorisierung "verbraucht". Sie
    | kann eingesetzt werden um nacheinander mehrere Schlüssel zu "knacken".

    The prozedure is for paralell work - 120 Mio Euro for 12x hardware, and you
    just need one month. The hardware can be used after this month again for
    the next key.

    german source: http://ds.ccc.de/081/byebye512bit

    HTH!

    Best regards,

    da didi
    --
    20:15:57 up 1:01, 1 user, load average: 3.93, 3.66, 3.82
    Michael Diederich Gentoo Linux 2.6.3-rc2-gentoo
    Oberster*Mengenleerer *des* Ordens* der* Dunklen*Seite* von* de.ALL*[tm]
    ICQ: 162017197

  6. Re: public key 1024 --> 2048bit

    Michael Diederich writes:

    > http://www.wisdom.weizmann.ac.il/~tr...pers/twirl.pdf


    Thanks.

    > For 10 Mio. Euro the hardware needs one year for a 1024bit number. For
    > 10.000 Euro and just 512bjt the hardware needs 10 minutes.


    My german's not that good. Is there a diminishing return for
    more and more hardware applied to the problem?

  7. Re: public key 1024 --> 2048bit

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Michael Diederich wrote in
    news:6474h1-c18.ln1@leafnode.md-d.org:

    > Well, the way to calculate the numbers is found, one year for a
    > 1024bit key.


    That's an interesting hypothesis (not established fact). But even if
    correct, few of us have anything to justify that much money and one year
    of work. At least I don't! :-)

    >> The manual describes both how to generate new keys, and how to
    >> generate new subkeys.

    >
    > But then i am still signing and decrypting with the old 1024bit key,
    > or? I will try to find a better manual on my native language - thanks
    > for you reply.


    What kind of key are you using: DH/DSS, RSA, or Legacy RSA?
    If a DH/DSS key or RSA key, do you just want to add a larger subkey for
    encryption, or go with both a larger signing key and a larger encryption
    key?

    If you are using a DH/DSS key, the signing key cannot be larger than 1024
    bits, but the encryption key can be up to 4096 bits.

    If you want a larger signing key, you have to generate a whole new key
    pair. If you just want a larger subkey for encryption, you can add that
    to your current RSA or DH/DSS key.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQD/LuGDeI9apM77TAQI64gf/UfFWWz+0YXx4qX6xG51GUpOweGLbeA1P
    4e4PbhjnuD8FSdzQDlXqY5ovEbCT0sPaZcDLgCTzks5E67hYY6 0KHow1tI/jB5AB
    kaubW0Rtn88MpaTgvNAJJvd6/3jH/dRYW/6orIzkghlHqBr7eApg+0dmpKuztOu/
    HgV4CV1N7U5r+UrGs3bhUJUEbswyQy3jYg/9u1ll16EtO+d9NNETWTXToRGxGb/0
    RTQtZun0uzPWXdjWHGy0y3dTsdQ4/4GMKeHH5/UPQrQDM5BrHQ3rEi0d3eWgwKJZ
    0VKK7ixTNFITEputUO24TTqLqxZ1OIeCAR+DyNuTAuTIJIG8Yh Ki8g==
    =jv+Z
    -----END PGP SIGNATURE-----

+ Reply to Thread