Long Key Performance

Robert J. Hansen rjhansen@inav.net
Fri Apr 19 08:50:01 2002


> I don't see a reason to use a >2048 bit key on a networked box - the
> probability of a remote attack is far higher than finding a way to
> crack the encryption.  How many people are actually using a never

Insurance against future developments in cryptanalytic theory.  While
Bernstein's attack will likely not pan out the way some people are hyping
it, the possibility of a hypeworthy development is still with us.  If a
hypeworthy development comes along, such as if Bernstein's attack turns out
to be all that and a bag of chips, then moving to 3072-bit keys will be a
reasonable undertaking.

While I'm not at all a fan of the routine usage of 16kbit keys (like some
people on alt.security.pgp are fond of), I can easily see situations where
people may want to give themselves a little bit of an extra hedge against
future developments--and using 3072-bit keys as a result.

I personally don't see much (if any) point in going past 3072-bit keys,
though.

> software but maintain your own audited branch etc..  Everything else
> is plain stupid.

Agreed, Werner.  But it should be said that the world is filled with plain
stupid people.  (God knows I've been one from time to time!)