[43155] in Cypherpunks
Re: PGP Comment feature weakens remailer security
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Nov 9 09:25:26 1995
To: Raph Levien <raph@cs.berkeley.edu>
Cc: Lance Cottrell <loki@obscura.com>, cypherpunks@toad.com,
stewarts@ix.netcom.com
In-Reply-To: Your message of "Wed, 08 Nov 1995 17:47:11 PST."
<199511090147.RAA31271@kiwi.cs.berkeley.edu>
Reply-To: perry@piermont.com
Date: Thu, 09 Nov 1995 09:13:30 -0500
From: "Perry E. Metzger" <perry@piermont.com>

Raph Levien writes:
> > I think you are fine if the odds of corrupting the message are less than
> > the odds of getting hit by a falling meteor while running the program.
> > In general there is little point in making any one part of the system
> > many orders of magnitude more reliable than any other part.
>
> I agree entirely. That's why my PGP key at school is 382 bits. It's a
> lot easier to compromise my machine than factor a 382 bit number.

On the other hand, it costs nothing by most people's standards to use
a 1024 bit key, so why not use one? I find that there is only a point
in using low security for anything in particular when there is a
perceivable cost to it -- if the cost is typing a different number
while doing key generation, I don't see why one should suffer the
tradeoff.

Perry