Long Key Performance

Matthias Bruestle mlist at mbsks.franken.de
Sun Apr 21 16:01:01 CEST 2002


Maybe an interesting historic example on "key degradation" is the RSA
key the French banks use for their banking cards.

The system was designed in 1983 with a 320 bit RSA key. 320 bit seemed at
that time probably sufficient. (AFAIR even PGP 1 gave the option of 384
bit keys around 1990.) 8 years later in 1991 a 330 bit RSA key was
broken. And now factoring a 320 bit modulus takes on a cheap computer
about 1.5 days. They do not have the problem that now old messages
can be decrypted, but they do have the problem of a widely installed
hardware base which handles only the 320 bit key. They are currently
going to 769 bit keys.

I started in 1992 with a 1024 bit key. It is probably still secure and
may be so for another few years. So 1024 bit was then good for about
10-15 years. I would now choose 4096 bit keys to have my current data
protected for the next 10-15 years. Others might need longer protection
times and therefore might decide to go to longer keys.

When looking at the threads, we should consider governments storing
encrypted data for later decryption, just because encryption is
suspicious. This has been at least considered by a European country. (I
think Belgium.)

endergone Zwiebeltuete
