2048 or 4096 for new keys? aka defaults vs. Debian

Peter Lebbing peter at digitalbrains.com
Sun Oct 27 12:30:34 CET 2013


On 27/10/13 12:15, Johan Wevers wrote:
> The only one I can think of is less dependence of a correctly functioning
> RNG.

I think this is a very important one, as we've seen with the debacle with
OpenSSL in Debian where DSA keys were compromised even when just used to create
a signature[1].

But I can think of another one: much more hardware support. Both smartcards and
crypto-accelerators either in a general purpose CPU or as a module in a computer.

HTH,

Peter.

[1]<https://wiki.debian.org/SSLkeys>

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list