RSA useless for encryption was: RE: RSA 1024 ridiculous
Snoken
snoken at tunedal.nu
Wed Jun 20 13:21:02 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 17:05 2007-06-16, Brian Smith wrote:
>Snoken wrote:
>> I suppose this means that 1024 bit RSA-keys are ridiculous
>> and the Open PGP Card is a joke. And what about all web sites
>> protected by SSL with a 1024-bit RSA-certificate?
>
>This seems to be more-or-less on schedule:
>http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
>
- --- snip ---
>
>Regards,
>Brian
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
I estimate that RSA 1024-bit keys have a very limited use for
encryption. Encryption usually intends to protect for a substantially
longer time than the time a signature is of any interest.
Brian ("Brian Smith" <brian at briansmith.org>) looked inWikipedia. Me too:
"As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent
in strength to 80-bit symmetric keys"
http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
I checked with the source:
http://www.rsa.com/rsalabs/node.asp?id=2004
In 2003 users of RSA 1024-bit keys were advised to drop them before
2010. Now the situation is somewhat worse than it looked in 2003.
Unfortunately the OpenPGP Cards are limited to a use RSA-keys of 1024
bits, both for encryption and signing. Any work in progress for an
improved card?
Snoken
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959
iD8DBQFGeQ3KWisObvnr8tQRAt0VAJ41qrUBSU7hsDydwnT4ixhfwE4tvgCdHpMZ
J6mI9LJYQx6Ymq+c1aoZ1kM=
=HQKy
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list