This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • Favorite 14 October 2019
      bobjonkman favorited something by thj: Cool teardown video from Applied Science that reveals how analog era snapshot cameras printed the date on the film negative:https://www.youtube.com/watch?v=ezME4_xMMnkWith the segmented digits, you'd think it's a tiny fluorescent display, but it's actually more interesting that that.
    • New note by bobjonkman 6 October 2019
      And now I've discovered your website, and I'll be rabbitholing for the rest of the afternoon... @mattskala
    • New note by bobjonkman 6 October 2019
      Terrible title, great article. I remember just enough from my Uni "Electricity and Magnetism" course that I could follow.
    • New note by bobjonkman 6 October 2019
      Moar info on #SynthFestival, plz!
    • Favorite 6 October 2019
      bobjonkman favorited something by xj9: time to focus on the real issue at hand: end intellectual property, end copyright, end software licenses altogether: dedicate all of your work to the public domain.
    • New note by bobjonkman 30 September 2019
      Daily grind? Does that mean you get fresh !coffee every day?
    • New note by bobjonkman 4 September 2019
      They're made out of meat https://web.archive.org/web/20190501130711/http://www.terrybisson.com/theyre-made-out-of-meat-2/
    • Favorite 4 September 2019
      bobjonkman favorited something by tom: we're all just markov bots made of meat
    • Favorite 4 September 2019
      bobjonkman favorited something by o0karen0o: Free and open source software's all about the fact that no one and nothing is perfect. #reminder
    • Favorite 31 July 2019
      bobjonkman favorited something by natecull: Dear everyone who is considering making a video of yourself talking rather than just writing the *exact same words* into a text file, a blog post or a PDF:Unless you're specifically targeting people who literally cannot read...Please don't.Sincerely, A Person Who Doesn't Have Literal Free Hours To Hear You Slooooowly […]

The cost of long GnuPG/PGP keys

Posted by Bob Jonkman on 25th March 2014

Never Eat That Green Food At The Back Of The Fridge

Never Trust Anyone Over Thirty

and

Never Sign A GnuPG/PGP Key That’s Older Than You Are

Face peeking into fridge

Looking for green food at the back of the fridge

OK, only one of those is true, and it’s not the last one. At the University of Waterloo Keysigning Party last fall, some of the people signing my key were younger than the key they were signing!

At the keysigning I was having a discussion with someone about key lengths. In particular, choosing 4096 bits instead of 2048. I was reading that GnuPG has a limit of 4096 bits, but that 4096 should be enough for all time to come.

I’ve read online that GnuPG does actually support larger key sizes but that there is a const in the source code limiting it to 4096. The reasons for doing so are supposedly speed, 4096 would be very slow to generate and use, and comparability with other implementations that may not support larger keys. Personally I think it’s an inevitability that this will be increased in time but we’re not there yet.

In 1996 when I started with PGP a 1024 bit key was considered adequate, by 1999 a 2048 bit key was still considered large.

Consider Moore’s Law: every 18 months computing capacity doubles and costs halve. I’m not sure if that means that over 18 months x flops increases to 2x flops at the same price, or that in 18 months the cost of x flops is half of today’s cost, or if it means that in 18 months the cost of 2x flops will be half the cost of x flops today. If the latter, then today’s x flops/$ is x/4 flops/$ in 18 months. That factor of four is an increase of two bits every 18 months, or four bits every 3 years.

So, the cost in 1996 to brute-force crack a 1024 bit key is the same as the cost in 1999 to crack a 1028 bit key. And in 2014, 18 years later, it’s the same cost as cracking a 1048 bit key (an additional 24 bits).

An increase in key size from 1024 bits to 2048 bits buys an additional 768 years of Moore’s Law. And going from 2048 bits to 4096 bits buys an additional 1536 years of Moore’s Law.

Is Moore’s Law overestimating the cost of cracking keys? Are there fundamental advances in math that have dropped the cost of cracking 1024 bit keys to near-zero? What’s the economic justification for crippling keysizes in GnuPG, anyway?

–Bob, who is not trolling but really wants to know.

Day 57 / 365 – refrigerator by Jason Rogers is used under a CC BYCC BY license.

This post is based on a message to the KWCrypto Mailing List.

Tags: , , , , , , , , ,
Posted in Crypto, PGP/GPG | 1 Comment »

Cryptography and Security Events in Kitchener-Waterloo

Posted by Bob Jonkman on 9th October 2013

The months of October and November are shaping up to have some great lectures and presentations on cryptography, security and privacy.

Sheet of paper, strips of paper

Keysigning materials

Yesterday started off with an informal keysigning at the KWLUG meeting. The presentation was on the Scratch programming environment, nothing to do with GnuPG/PGP or cryptography. But a few of us exchanged little slips of paper with our key fingerprints, verified that the name with the fingerprint matched the person we knew, signed the keys, and so improved our standing in the Web of Trust. I hope that this becomes a regular part of all KWLUG meetings. The more people that participate, the more confident we can be about the validity of keys we may not have verified ourselves.

Today I attended the first UofW CSClub lecture on Security and Privacy by Sarah Harvey. If you’ve been following the news about the Snowden revelations you’ll know why security and privacy is important. The room was full of computer science, math and cryptography students, so the discussions were deep and technical.

Sarah Harvey shows a slide of Edward Snowden

Sarah Harvey shows a slide of Edward Snowden

There was a vacancy in the November KWLUG meeting so I asked Sarah if she would repeat her lecture. Let’s see what the KWLUG bosses have to say

There are more CSClub lectures scheduled, check the schedule on the CSClub site.


M-209 cipher machine

KWCrypto logo, the M-209 cipher machine

I’ve volunteered to do a presentation on Encrypting E-mail with GnuPG, Thunderbird and Enigmail, followed by a formal keysigning. I’m developing the presentation notes and keysigning procedure on the KWCrypto Interest Group Wiki that was set up after the Kwartzlab keysigning party last year. Please join me on the Wiki and the mailing list — I’d appreciate the help.

–Bob.

Keysigning Materials picture taken by Bob Jonkman and released under a CC BYCreative Commons — Attribution — CC BY license.

M-209 cipher machine by Greg Goebel used under CC BY-SACreative Commons – Attribution-ShareAlike 2.0 Generic – CC BY-SA 2.0

Picture of Sarah Harvey taken by Laurel L. Russwurm and used under a CC BYCreative Commons — Attribution — CC BY license.

Tags: , , , , , , , , , , , , , , , , , , , , , ,
Posted in Crypto, KWLUG, PGP/GPG, privacy, security | Comments Off on Cryptography and Security Events in Kitchener-Waterloo

Wanted: Open Data Citizen’s Group in Woolwich Township

Posted by Bob Jonkman on 19th March 2013

Open Data Woolwich Township

 

Alan Marshall, known online as the Elmira Advocate, recently blogged about the lack of data transparency:

What I do know is this. Environmental data is not shared with the public. What I do know about Waterloo’s water scares me but perhaps not as much as what I don’t know.

The Region of Waterloo is gradually making its collected data available to the public in Open Data sets. This means that citizens can use and re-use the data for mapping, tracking trends, and correlating it with other data sources. The data is licensed specifically to encourage its re-use, not restrict it.

The Region of Waterloo data sets are available at http://www.regionofwaterloo.ca/en/regionalGovernment/OpenDataHome.asp

There is a citizens’ group called OpenDataWR that encourages governments to make their collected data available in standardized, re-usable formats. They meet occasionally to work on new applications utilizing Open Data resources.

OpenDataWR recently held a hackathon, where groups of people worked on new projects that makes uses of Open Data. It was mostly computer programmers at the hackathon, but we need advocates like Alan with deep knowledge of the data, science, and the meaning of the data so that the programmers can write better applications. We also need publicists to make the existence of Open Data more widely known, as well as the applications that make use of it. We need lobbyists to advocate for more Open Data from governments, and from commercial organizations such as Conestoga Rovers. For instance, the University of Waterloo has an Open Data project as well.

As far as I know, Woolwich Township doesn’t have an Open Data project, or even a policy about making its data available in open formats. For example, even something so fundamental as the Woolwich Council meeting calendar is not made available in a standard calendar format, so you can’t easily add Council meetings to your own iPad or Outlook calendar.

It would be nice to have an Open Data advocacy group in Woolwich Township. There’s certainly enough data, just no good way to get at it.

Call to arms!

If anyone is interested in setting up an Open Data Woolwich Township citizens’ group to encourage and guide the Township into opening its data, please leave a comment below or contact me at bjonkman@sobac.com.

–Bob.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in FLOSS, Open Data | 1 Comment »

 
Better Tag Cloud