Long Key Performance

Robert J. Hansen rjhansen at inav.net
Fri Apr 19 09:50:01 CEST 2002

> I don't see a reason to use a >2048 bit key on a networked box - the
> probability of a remote attack is far out higher than finding a way to
> crack the encryption.  How many people are actually using a never

Insurance against future developments in cryptanalytic theory.  While
Bernstein's attack will likely not pan out the way some people are hyping
it, the possibility of a hypeworthy development is still with us.  If a
hypeworthy development comes along, such as if Bernstein's attack turns out
to be all that and a bag of chips, then moving to 3072-bit keys will be a
reasonable undertaking.

While I'm not at all a fan of the routine usage of 16kbit keys (like some
people on alt.security.pgp are fond of), I can easily see situations where
people may want to give themselves a little bit of an extra hedge against
future developments--and using 3072-bit keys as a result.

I personally don't see much (if any) point in going past 3072-bit keys,

> software but maintain your own audited branch etc..  Everything else
> is plain stupid.

Agreed, Werner.  But it should be said that the world is filled with plain
stupid people.  (God knows I've been one from time to time!)

More information about the Gnupg-devel mailing list