Hacker News new | past | comments | ask | show | jobs | submit login

Did you read the article? The author agrees with you, and talks about why 4096-bit keys are not inherently more secure...



The author seems to misunderstand that the 4096 bit keys are RSA keys, not elliptic curve or symmetric AES keys.


The reason OpenVPN (and almost all VPN solutions) use such ridiculously long keys is that you don't have to brute-force them. An actual cryptographic attack on the algorithms commonly used for VPNs (or for HTTPS connections to websites) looks a lot more like a dictionary attack than a brute-force attack; you can discount great swathes of the problem space without having to actually try them.

That explanation seems fine to me. It's not an explanation of the underlying math but it doesn't need to be.


12 cheeseburgers are more than 1, but pretty useless to me because 1 is really all I can use.

If current openvpn or IPSEC isn’t being cracked, there is only more energy wasted in going to 4096bit keys.

Edit: lol downvotes... ok, cool. Tell me who is breaking 2048bit diffiehellman exchange to 256bit AES in CBC mode. I’ll wait right here.


You are probably getting downvoted because the article points out exactly that. The author was erroneously thinking that a big key is necessary - and wireguard doesn't provide one. Which made him discover that fallacy.


Except cheeseburgers rot, but crypto doesn’t. 4096 keys might be useful twenty years in the future.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: