Silk Road forums

Discussion => Newbie discussion => Topic started by: leking on August 17, 2013, 09:09 am

Title: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: leking on August 17, 2013, 09:09 am
So I already asked this in the PGP thread, but with the many posts it went under...

I noticed most vendors using 1024 or 2048 bit keys.
How come they don't use the highest security available? (4096 bit)

I also know 1024 is not crackable (at least from what we know), but still the extra effort is so small... Considering all the other safety precautions that everyone takes, this one strikes me as odd...
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: leking on August 17, 2013, 10:59 am
bump
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: rockwaterwind on August 17, 2013, 12:08 pm
Presumably most vendors are not computer nerds, first and foremost?

Not sure that you are going to get a definitive answer on this one...

Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: leking on August 17, 2013, 12:21 pm
But it is literally a difference of 2 seconds (just choosing another key strength from the dropdown when creating it).
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: rockwaterwind on August 17, 2013, 12:52 pm
I have come across some vendors who don't use GPG at all and want to run all their secure communications through privnote. Their reasoning is that it is a totally secure service and that all messages are deleted after being read.

This indicates that the vendor does not question WHO runs that service, and if they can be trusted or not.

I bring this up, to highlight that we make choices based upon what we 'know'.

If you are not aware what a key is, or why its length matters, then you may not think to choose a longer key....

Maybe message the vendor with a relevant article about why they should go for a longer key?

That said - they might not appreciate it ;)
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: FelixUK on August 17, 2013, 01:56 pm
Noticed a couple of new and popular U.K. vendors stating they don't accept PGP at all, which is extremely odd.
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: rockwaterwind on August 17, 2013, 04:00 pm
Quote from: FelixUK on August 17, 2013, 01:56 pm
Noticed a couple of new and popular U.K. vendors stating they don't accept PGP at all, which is extremely odd.

As long as people are willing to take the risk, these vendors will not have the impetus to learn gpg.

Which is a shame, because it is not that difficult and it is one of the most powerful tools that we have to protect our identities from those who aren't the vendors we are dealing with.

I would personally not trust a vendor that did not take this seriously, as it would make me question the rest of their operational procedures...

ESPECIALLY when there are so many vendors who do work with gpg.
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: leking on August 17, 2013, 04:25 pm

Quote from: rockwaterwind on August 17, 2013, 04:00 pm
I would personally not trust a vendor that did not take this seriously, as it would make me question the rest of their operational procedures...


Exactly!!
Title: Re: Why do vendors use 1024 bit keys instead of stronger ones?
Post by: TunzuhFunk on August 17, 2013, 07:46 pm
I ask myself the same question every time I see one.