8192bit RSA keys
David Shaw
dshaw at jabberwocky.com
Wed Jul 8 19:36:15 CEST 2009
On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:
> Hey folks,
>
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.
>
> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
>
> I am trying to decide whether I want to create myself a new RSA key
> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
> to use the 8k variant, simply because I postulate that my machines
> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
> I don't know if this makes sense in practice.

It depends on what you're protecting against. For most common cases,
an 8192-bit RSA key is likely so vastly stronger than the rest of your
environment that a smart attacker wouldn't bother to attack it.
They'd just go after what they want via other attacks against you
and/or your environment. Mind you, the same thing is true for a 2048-bit
RSA key as well. (I'd wager that for many people, the same thing is
also true for a 512-bit RSA key). If you can get the same end result
with a smaller key, you need to ask yourself what the big key actually
buys you.

If you're looking for a more immediate reason, though, note that if
you make an RSA key larger than 2048 bits you can't use it with the
spiffy new OpenPGP smartcard.

David