The key size warning

V Alex Brennen vab at cryptnet.net
Sat Mar 30 05:09:02 CET 2002


On 26 Mar 2002, Robert J. Hansen wrote:

> > I have to disagree with you, Werner. The current warning appears to
> > discourage users from generating 2048 bit and greater keys. There's really
> > no necessity for doing so.
> 
> I'm with Len on this one.  Frankly, given that generating and using
> 2048-bit keys on modern hardware is no more taxing than generating and
> using 1024-bit keys five years ago, I think it's entirely appropriate to
> change the default keysize as a way of buying us a little extra security
> from any further unexpected surprises.

2048 bits is good, but be careful about just bumping up keysize.
There is much more to it than just the CPU time the math takes.

Is there enough entropy available on the average PC to support the
generation of strong default 2048-bit keys?  Yes, most likely.
4096 bits? Yes, most likely. 8192 bits? Probably. But, at what
keysize does that become usually not the case?

I recall reading predictions of 4GB (~32Gb) keys to ensure some 
strength in the presence of quantum computers.  I'm unsure that 
the average PC could generate strong 4GB keys.

Does anyone know of any research that has been done into this - what
the average period is over a large sample of systems for data
from /dev/random or /dev/urandom on GNU/Linux?

Obviously, this is especially important in the case of SSL or
something else with needs for lots of session keys - not to mention
the problem of DoS attacks against pseudorandom devices on such
systems through mass session initiations which yield entropy
depletion.


	- VAB





