8192bit RSA keys
Jean-David Beyer
jeandavid8 at verizon.net
Wed Jul 8 20:05:36 CEST 2009
David Shaw wrote:
| On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:
|
|> Hey folks,
|>
|> Two years ago, there was a thread on this list, in which RSA key
|> sizes >2048 were discussed [0]. In these two years, the crypto-world
|> has been shaken up a bit, and computers got yet a bit more powerful.
|>
|> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
|>
|> I am trying to decide whether I want to create myself a new RSA key
|> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
|> to use the 8k variant, simply because I postulate that my machines
|> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
|> I don't know if this makes sense in practice.
|
| It depends on what you're protecting against. For most common cases,
| an 8192-bit RSA key is likely so vastly stronger than the rest of your
| environment that a smart attacker wouldn't bother to attack it.
| They'd just go after what they want via other attacks against you and/
| or your environment. Mind you, the same thing is true for a 2048-bit
| RSA key as well. (I'd wager that for many people, the same thing is
| also true for a 512-bit RSA key). If you can get the same end result
| with a smaller key, you need to ask yourself what the big key actually
| buys you.
|
| If you're looking for a more immediate reason, though, note that if
| you make an RSA key larger than 2048 bits you can't use it with the
| spiffy new OpenPGP smartcard.
|
Another reason is that even if increasing my key size to would increase my
security in some sense, I do not want my GPG security to be so strong that
the black hats would bypass it and torture the key out of me.
- --
~ .~. Jean-David Beyer Registered Linux User 85642.
~ /V\ PGP-Key: 9A2FC99A Registered Machine 241939.
~ /( )\ Shrewsbury, New Jersey http://counter.li.org
~ ^^-^^ 14:00:01 up 20 days, 49 min, 3 users, load average: 4.05, 4.34, 4.48