The key size warning
Robert J. Hansen
rjhansen at inav.net
Tue Mar 26 09:36:02 CET 2002
> I have to disagree with you, Werner. The current warning appears to
> discourage users from generating 2048 bit and greater keys. There's really
> no necessity for doing so.
I'm with Len on this one. Frankly, given that generating and using
2048-bit keys on modern hardware is no more taxing than generating and
using 1024-bit keys five years ago, I think it's entirely appropriate to
change the default keysize as a way of buying us a little extra security
from any further unexpected surprises.
> I also think that 768 bit keys shouldn't be permitted to be generated.
Here I disagree--it's possible that there are circumstances or
conditions in which moving up to 2k keys is not possible. One company I
worked at had code which was hardcoded to require 768-bit keys. There
are legacy and just plain badly-designed systems out there, and we
should permit keys to be generated which will interoperate with them.
768-bit keys should, IMO, flag a warning about "This key is far below
the recommended keysize". But that's it.
More information about the Gnupg-devel