Let's say that I'm concerned about my messages being read by someone with extremely powerful computers to break my messages. I'm currently using 4096bit encryption - do I have anything I should take into account? I understand I need to be concerned about men in the middle intercepting the messages and passing fradulent ones on to my buddies, but they still shouldn't be able to read mine, right?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Go look at http://www.rsasecurity.com/rsalabs/challenges/factoring/numbers.html
Their 578 bit key has not yet been factored. While it is possible that someone is capable of cracking 2048 bit keys, it is probably more likely that someone can find an easier way to get the plaintext of your message (like breaking into your house and modifying your computer, or such like).
A man-in-the-middle attack means that someone pretends to be your friend, and you accept his key as genuine (thinking that it is your friend's key). You encrypt a message to your friend using this key, and the attacker can read it. He can then re-encrypt it with the correct key for your friend, and send it on its way. The only way to avoid this is to make sure that the keys that you accept from your friends are _really_ their keys.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Let's say that I'm concerned about my messages being read by someone with extremely powerful computers to break my messages. I'm currently using 4096bit encryption - do I have anything I should take into account? I understand I need to be concerned about men in the middle intercepting the messages and passing fradulent ones on to my buddies, but they still shouldn't be able to read mine, right?
Go look at
http://www.rsasecurity.com/rsalabs/challenges/factoring/numbers.html
Their 578 bit key has not yet been factored. While it is possible that someone is capable of cracking 2048 bit keys, it is probably more likely that someone can find an easier way to get the plaintext of your message (like breaking into your house and modifying your computer, or such like).
A man-in-the-middle attack means that someone pretends to be your friend, and you accept his key as genuine (thinking that it is your friend's key). You encrypt a message to your friend using this key, and the attacker can read it. He can then re-encrypt it with the correct key for your friend, and send it on its way. The only way to avoid this is to make sure that the keys that you accept from your friends are _really_ their keys.