NPR : E-Mail Encryption Rare in Everyday Use
Bill Stewart
bill.stewart at pobox.com
Wed Mar 1 02:35:18 EST 2006
At 01:42 PM 2/26/2006, someone alleging to be Trevor Perrin replied to some
people
>>The problem is that pesky public-key. A public-key such as
>>[2. application/pgp-keys]...
>>is N O T user-friendly.
>True enough about public keys. Not so true about key fingerprints - a
>20-char fingerprint is probably not much harder to manage than the usual
>sorts of contact info (email, postal, & IM addresses, phone numbers, etc.).
The short-fingerprint handle for long keys and the
troubles of fetching long keys conveniently and reliably are a
major problem with PGP, S/MIME, and just about anything else
that uses RSA or El Gamal or other algorithms that require long keys,
and therefore you need keyservers or other awkward mechanisms
in addition to needing some validation technique for the keys.
Elliptic Curve Crypto makes it possible to use keys that are
short enough to hand around like fingerprints -
print them on business cards, use them in email signature lines, etc.
James Donald's Crypto Kong was an interesting experiment in
user interfaces for ECC crypto and in how users interact with each other,
and while there were things I didn't like about it,
the encryption and signed-message formats were short and sweet and unobtrusive,
and could be used just about as well for other user models.
The real question with ECC, other than patents, which don't seem to
interfere too much right now and will gradually go away,
is how long the keys need to be, and how long they can be trusted.
~~160-bit keys were short enough to be convenient.
256-bit is probably about the limit - I've seen some discussion
of 512-bit keys, and at that point you're pushed into
message formats that make it inconvenient to exchange keys again.
Is there a consensus view about what keylengths are reliable?
Thanks; Bill Stewart
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list