What encryption algorithm do you prefer for asymmetric keys, specifically signing?
#cryptography #pgp #GPG #GnuPG
@waltercool Agreed, feel free to elaborate though.
@waltercool Oh that... it isn't "weak" so much as needing special care. It is just as strong as the others when handled properly and when using a key of adequate strength and all.
In short, the problem is that if a system uses a non-secure random value when generating the negotiation, then over time it can expose the private key. However, if it is secure random (which it should be anyway), it is secure.
@freemo I don't regularly use this stuff, particularly for signing, but I did see an interesting paper recently that illustrated how ECC can be broken with < 1 bit of nonce leakage.
https://eprint.iacr.org/2020/615
Which seems to be caused by the need of uniformly distributed nonce values, which can unexpectedly broken via modulo bias as shown: https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
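An added example, not from this thread or the linked papers, showing the modulo bias the Kudelski article describes and the two standard mitigations (rejection sampling, and drawing extra bits before reducing). The small group order n = 200 and the 8-bit draw are constructed to make the bias visible; real curve orders are ~256 bits.

```python
import random
from collections import Counter
from fractions import Fraction


def biased_mod_reduce(raw: int, n: int) -> int:
    """The risky pattern: reduce a fixed-width random value modulo the group
    order n. Unless 2**bits is a multiple of n, low residues are more likely."""
    return raw % n


def rejection_sample(n: int, bits: int, rng=random.SystemRandom().getrandbits) -> int:
    """Uniform nonce in [1, n): draw `bits`-bit candidates and discard any that
    fall outside the range instead of reducing them (FIPS 186-4 B.5.2 style)."""
    while True:
        k = rng(bits)
        if 1 <= k < n:
            return k


def exact_bias(n: int, bits: int) -> dict:
    """Exact probability mass per residue when a uniform `bits`-bit value is
    reduced mod n. ratio == 1 means uniform; 2 means some residues are twice
    as likely. Passing bits = len(n) + 64 (FIPS 186-4 B.5.1 style) shows how
    extra bits shrink the bias to ~2**-64 without rejection."""
    total = 1 << bits
    q, r = divmod(total, n)
    # residues 0..r-1 are hit q+1 times, residues r..n-1 only q times
    hi = Fraction(q + 1 if r else q, total)
    lo = Fraction(q, total)
    return {"max_prob": hi, "min_prob": lo, "ratio": hi / lo, "overrepresented": r}


def empirical_low_residue_share(n: int, bits: int, draws: int, seed: int = 1) -> float:
    """Share of naively reduced samples landing in the over-represented residues
    0..r-1. Seeded PRNG (constructed, not a secure RNG) so the run is repeatable."""
    rng = random.Random(seed)
    r = (1 << bits) % n
    counts = Counter(biased_mod_reduce(rng.getrandbits(bits), n) for _ in range(draws))
    return sum(counts[v] for v in range(r)) / draws


if __name__ == "__main__":
    print("8-bit draw mod 200:", exact_bias(200, 8))        # ratio 2, 56 residues
    print("72-bit draw mod 200 ratio - 1 =", float(exact_bias(200, 72)["ratio"] - 1))
    print("observed share in biased residues:", empirical_low_residue_share(200, 8, 20000))
    print("rejection-sampled nonce:", rejection_sample(200, 8))
```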
@johnabs Most cryptographic ciphers can be cracked if their parameters aren't generated securely
@freemo Well yeah, but <1 bit is pretty rough, no? Admittedly, I don't have anything to compare that number to, so some perspective would be great :)
@johnabs <1 bit would be 0 bits... so that number can't be the actual number.
@freemo I think it's the expected number of bits, in that they can determine the most significant bit of the nonce but with probability <1.
@johnabs I'll have to read up on it to get a better sense
@freemo I actually like ECC best for efficiency, but it has 256 bit keys, and IBM projects having 128 qubit quantum this year and 256 qubits Real Soon Now. As I understand it, there are quantum algorithms that can quickly crack ECC with 256 qubits.
At that point, 4096 RSA looks real good despite the relative inefficiency. It may be the first to have a quantum algorithm to crack it - but difficulty of coordinating more qubits grows much faster than difficulty of doubling RSA key size.
@customdesigned Despite having a 433 qubit computer, breaking crypto is still years off. Valid concern though because no one wants their encrypted data exposed even if it is years down the line.
ECC is more elegant to me. Not willing to write down thousands of characters on a postcard to just exchange public keys.
(But still, police asked me what it is after I got several postcards which are filled with base64 encoded data 🤣)
@skyblond certainly is more space and computationally efficient. While that makes it easier to brute force, it is still out of reach with current tech to brute force and will likely remain that way. Still, some see RSA's inefficiency as a feature.