how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

Chris Knadle Chris.Knadle at
Tue Sep 28 14:07:32 CEST 2010

On Monday 27 September 2010 15:51:10 Jameson Rollins wrote:
> On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer 
<mlisten at> wrote:
> > Ack. 1.5 seconds is about the limit where a good GUI should issue a
> > reaction. This is where the human mind is starting to think there's
> > something wrong.
> We should be careful not to overstate the impatience of users too much.
> I've seen plenty of people wait many seconds for google maps to load on
> phones without giving up on the whole process.  I also have an extremely
> slow machine were I routinely have to wait a long time (many seconds)
> for certain operations to complete.  It's certainly not ideal, but I
> don't give up on those operations just because they take a little
> longer.  I get used to it and figure out ways to deal.
> I'm not saying we shouldn't care about operations taking a noticeable
> amount of time, but I wouldn't state out-right that users will revolt
> and refuse to do something just because it takes more than a second.
> jamie.

There are GUI operations that can routinely take several seconds to complete, 
such as sending an email via authenticated SMTP over TLS, opening an .ogv 
file, converting a document to a .PDF, adding a picture to a big presentation, 
etc.  My personal threshold before I think something is wrong is somewhere 
between 3-4 seconds for when I don't know something is computationally 

Encryption using a 4096-bit key is something I /expect/ is computationally 
expensive, so if there's a few second delay there I wouldn't personally be 
worried about it.  In fact if I was using old or slow hardware and it only 
took a couple of seconds to complete, I'd be pleased it was that fast.  I'm 
personally pleased at the performance I get from 4096R key encryption.

It's a good thing for speed be considered nonetheless, but there's also only 
so much that can be done about it.  There are organizations that have deemed 
1024-bit DSA keys not to be secure enough [due to SHA-1 collisions], and some 
have stated in this thread that encryption using 2048-bit and 4096-bit keys 
"takes too long".  To reconcile this, there are basically two choices in my 
mind:  A) grow patience, or B) tolerate being less secure... because I don't 
think there's going to suddenly be a wild advance in code efficiency.

  -- Chris


Chris Knadle
Chris.Knadle at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100928/57cc7388/attachment.pgp>

More information about the Gnupg-users mailing list