RSA useless for encryption was: RE: RSA 1024 ridiculous
snoken at tunedal.nu
Wed Jun 20 13:21:02 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
At 17:05 2007-06-16, Brian Smith wrote:
>> I suppose this means that 1024 bit RSA-keys are ridiculous
>> and the Open PGP Card is a joke. And what about all web sites
>> protected by SSL with a 1024-bit RSA-certificate?
>This seems to be more-or-less on schedule:
- --- snip ---
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
I estimate that RSA 1024-bit keys have a very limited use for
encryption. Encryption usually intends to protect for a substantially
longer time than the time a signature is of any interest.
Brian ("Brian Smith" <brian at briansmith.org>) looked inWikipedia. Me too:
"As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent
in strength to 80-bit symmetric keys"
I checked with the source:
In 2003 users of RSA 1024-bit keys were advised to drop them before
2010. Now the situation is somewhat worse than it looked in 2003.
Unfortunately the OpenPGP Cards are limited to a use RSA-keys of 1024
bits, both for encryption and signing. Any work in progress for an
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959
-----END PGP SIGNATURE-----
More information about the Gnupg-users