
I changed the locks

One feature of PGP-style digital signatures is the expiration date. It’s a hassle, on the face of it: past a certain date, the key can’t be used for encrypting or signing. It usually expires at an inconvenient time (when you don’t have five minutes to generate a new key, for example) and leaves you keyless until you can generate a new one.

On the other hand, leaving a key without an expiration date makes it harder to invalidate if the passphrase is compromised (that is, if someone else cracks your key, it’s harder to prevent them from decrypting messages sent to you with that key, or from signing as you). With an expiration date, you know the problem will go away at that time. And just as it helps keep codes secure if you change them from time to time (the longer someone has to work on a code, the greater the chance that they’ll eventually break it), it helps to change your key from time to time.
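
One way to keep an expiration date from catching you at an inconvenient time, as an added example that is not part of the original post: parse the machine-readable listing from `gpg --list-keys --with-colons` and flag keys that have expired, expire within a warning window, or carry no expiration date at all. The sample listing, the key IDs and the 30-day window are constructed for illustration, and the parser assumes the expiry field holds seconds since the epoch.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of `gpg --list-keys --with-colons`.
# Key IDs, dates and user IDs are made up for this example.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1704067200:1735689600::u:::scESC:
uid:u::::1704067200::X::Alice Example <alice@example.org>:
pub:e:2048:1:BBBBBBBBBBBBBBB2:1609459200:1640995200::-:::sc:
uid:e::::1609459200::X::Bob Example <bob@example.org>:
pub:u:4096:1:CCCCCCCCCCCCCCC3:1704067200:::u:::scESC:
uid:u::::1704067200::X::Carol Example <carol@example.org>:
"""

def classify(expiry_field, now, warn_days=30):
    """Map colon-listing field 7 (expiry, epoch seconds) to a status."""
    if not expiry_field:
        return "no-expiry"          # empty field: key never expires
    expires = datetime.fromtimestamp(int(expiry_field), tz=timezone.utc)
    if expires <= now:
        return "expired"
    if expires - now <= timedelta(days=warn_days):
        return "expiring-soon"
    return "ok"

def audit(listing, now, warn_days=30):
    """Return one dict per primary key with its size, first uid and status."""
    keys, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 6:
            current = {"keyid": f[4], "bits": int(f[2]), "uid": None,
                       "status": classify(f[6], now, warn_days)}
            keys.append(current)
        elif f[0] == "uid" and current is not None and len(f) > 9:
            if current["uid"] is None:
                current["uid"] = f[9]   # left C-escaped, as gpg prints it
    return keys

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives stable output.
    now = datetime(2024, 12, 15, tzinfo=timezone.utc)
    for k in audit(SAMPLE, now):
        print(f'{k["status"]:14} {k["bits"]:5} {k["keyid"]} {k["uid"]}')
```

Against a real keyring, pass the captured output of `gpg --list-keys --with-colons` and `datetime.now(timezone.utc)` to `audit` in place of the sample and the fixed date.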

My key expired last week, and I just got around to generating a new one. My key program asks what size key I want, starting with 700-some-odd bits and going through 1024, 2048, and 4096. I chose 4096. Now it’s taking some serious time to generate enough entropy to make the key—it’s been going well over half an hour now.

From Cryptonomicon:

Even a 768-bit key requires vast resources to break. Add one bit, to make it 769 bits long, and it becomes twice as difficult. A 770-bit key is twice as difficult yet, and so on. By using 768-bit keys, Randy and Avi could keep their communications secret from nearly every entity in the world for at least the next several years. A 1024-bit key would be vastly, astronomically more difficult to break.

Some people go so far as to use keys 2048 or even 3072 bits in length. These will stop the very best codebreakers on the face of the earth for astronomical periods of time, barring the invention of otherworldly technologies such as quantum computers.

The longer the key you are trying to generate, the longer this takes. Randy is trying to generate one that is ridiculously long. He has pointed out to Avi, in an encrypted e-mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096-bit encryption key, it would take longer than the lifespan of the universe.

Is this overkill? Heck, yeah. But it’s fun.

Update: Cool, yeah. Practical, no. After well over an hour of generating, still no key. I generated a shorter key and posted it; maybe I’ll try again with a longer key later.
