## Key size overkill

### Key size overkill

I've been doing some calculations (yes - I know I'm sad).

By my figuring, even if you were able to get hold of 100 Terahertz of
processing power, and each clock cycle was able to try a possibility on PGP
encryption, 128 bits would hold out for over 10^16 years. Is it just me, or
is the 2048 bit key that PGP recommends a bit overkill?

Calculations:
2^128 = 3.423*10^38  -  number of encryption possibilities for 128 bit
encryption

3.423*10^38 / 2 = 1.701*10^38  -  average number of possibilities that would
need to be tested

1.701*10^38 / 100T or 1.701*10^38 / 10^16 = 1.701*10^24  -  number of
seconds required to test this many possibilities, testing at 100 Terahertz

1.701*10^24 / (60 * 60 * 24 * 365) = 5.395*10^16  -  number of years
required to test this many possibilities

### Key size overkill

> I've been doing some calculations (yes - I know I'm sad).

Don't know about your calculations, but how can it be overkill? The more secure the better.

I just CAN'T find the disadvantages of large(r) keys?

### Key size overkill

>I've been doing some calculations (yes - I know I'm sad).
>By my figuring, even if you were able to get hold of 100 Terahertz of
>processing power, and each clock cycle was able to try a possibility on PGP
>encryption, 128 bits would hold out for over 10^16 years. Is it just me, or
>is the 2048 bit key that PGP recommends a bit overkill?
>Calculations:
>2^128 = 3.423*10^38  -  number of encryption possibilities for 128 bit
>encryption

Presumably the 128 bits is for symmetric keys, and the 2048 bits is
for public/private keys.  A direct comparison of key sizes is
unreasonable, due to the differences in methodologies and
constraints.

While any random 128 bits can be used as a symmetric key, most 2048
bit strings would not be usable as an rsa key (to take one example).

### Key size overkill

> >I've been doing some calculations (yes - I know I'm sad).

> >By my figuring, even if you were able to get hold of 100 Terahertz of
> >processing power, and each clock cycle was able to try a possibility on PGP
> >encryption, 128 bits would hold out for over 10^16 years. Is it just me, or
> >is the 2048 bit key that PGP recommends a bit overkill?

> >Calculations:
> >2^128 = 3.423*10^38  -  number of encryption possibilities for 128 bit
> >encryption

> Presumably the 128 bits is for symmetric keys, and the 2048 bits is
> for public/private keys.  A direct comparison of key sizes is
> unreasonable, due to the differences in methodologies and
> constraints.

> While any random 128 bits can be used as a symmetric key, most 2048
> bit strings would not be usable as an rsa key (to take one example).

I figured that there was something in it like this, but I'm not sure what
the difference actually is.

I think I'll go trawling the FAQs again...

### Key size overkill

On Sat, 19 Jul 2003 18:33:12 +0100

> > >I've been doing some calculations (yes - I know I'm sad).

> > >By my figuring, even if you were able to get hold of 100 Terahertz
> > >of processing power, and each clock cycle was able to try a
> > >possibility on PGP
> > >encryption, 128 bits would hold out for over 10^16 years. Is it
> > >just me, or
> > >is the 2048 bit key that PGP recommends a bit overkill?

> > >Calculations:
> > >2^128 = 3.423*10^38  -  number of encryption possibilities for 128
> > >bit encryption

> > Presumably the 128 bits is for symmetric keys, and the 2048 bits is
> > for public/private keys.  A direct comparison of key sizes is
> > unreasonable, due to the differences in methodologies and
> > constraints.

> > While any random 128 bits can be used as a symmetric key, most 2048
> > bit strings would not be usable as an rsa key (to take one example).

> I figured that there was something in it like this, but I'm not sure
> what the difference actually is.

> I think I'll go trawling the FAQs again...

The difference is that factoring a public key lets you calculate the
private key.  It's easier to factor a key than to try all possible keys
with the same length.  Thus, the public/private pairs need to be larger
than a symmetric key for the same security.

--Alex
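An added example, not part of the thread, illustrating the point of the reply above: the private exponent of a toy RSA key is rebuilt from the public modulus alone in far fewer steps than the modulus has bits of keyspace, and a heuristic number-field-sieve cost estimate (with its o(1) term dropped, so only a rough scaling) is printed for real sizes. The primes, function names and the use of Pollard's rho as the factoring method are assumptions made for this illustration.

```python
import math

def pollard_rho(n):
    """Return (factor, steps): a nontrivial factor of n and the iterations used."""
    steps = 0
    for c in range(1, 20):                 # retry with a new constant if a run fails
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n            # tortoise: one step
            y = (y * y + c) % n            # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
            steps += 1
        if d != n:
            return d, steps
    raise ValueError("no factor found")

def private_exponent_from_modulus(n, e):
    """Factor the public modulus, then rebuild d the same way key generation does."""
    p, steps = pollard_rho(n)
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return d, steps

def gnfs_work_bits(modulus_bits):
    """log2 of exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)), o(1) term dropped."""
    ln_n = modulus_bits * math.log(2)
    cost = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return cost / math.log(2)

# Constructed toy key: two known primes give a 63-bit modulus (far too small for real use).
P, Q, E = 2**31 - 1, 2**32 - 5, 65537
N = P * Q

if __name__ == "__main__":
    d, steps = private_exponent_from_modulus(N, E)
    print(f"{N.bit_length()}-bit modulus factored in {steps} steps (~2^{math.log2(steps):.0f})")
    print("recovered key decrypts:", pow(pow(42, E, N), d, N) == 42)
    for bits in (1024, 2048, 2304):
        print(f"{bits}-bit modulus: ~2^{gnfs_work_bits(bits):.0f} estimated factoring work")
```
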

### Key size overkill

> > >I've been doing some calculations (yes - I know I'm sad).

> > >By my figuring, even if you were able to get hold of 100 Terahertz of
> > >processing power, and each clock cycle was able to try a possibility on PGP
> > >encryption, 128 bits would hold out for over 10^16 years. Is it just me, or
> > >is the 2048 bit key that PGP recommends a bit overkill?

> > >Calculations:
> > >2^128 = 3.423*10^38  -  number of encryption possibilities for 128 bit
> > >encryption

> > Presumably the 128 bits is for symmetric keys, and the 2048 bits is
> > for public/private keys.  A direct comparison of key sizes is
> > unreasonable, due to the differences in methodologies and
> > constraints.

> > While any random 128 bits can be used as a symmetric key, most 2048
> > bit strings would not be usable as an rsa key (to take one example).

> I figured that there was something in it like this, but I'm not sure what
> the difference actually is.

> I think I'll go trawling the FAQs again...

Got it. Symmetric and Asymmetric keys aren't equal. 128 bit symmetric
encryption is about as easy to brute force as 2304 bit asymmetric
encryption.

- PGP Attack FAQ

