GnuPG and smartcards

Werner Koch wk at gnupg.org
Fri Oct 22 15:47:29 CEST 2004


On Thu, 21 Oct 2004 20:33:02 +0200, Franz Scheerer said:

> If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. The security 
> level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be 
> recarded as highly secure.

Sorry, that is nonsense.  The security is limited by the weakest link
and for sure this is not the length of the key but the quality and
security of the implementation and the entire environemt where it is
used.  A smartcard has the real advantage of protecting the secret
key against a compromise by any non-physical attack.

2048 bit RSA is possible but chips for that are not available in
masses and far too expensive.  If you don't think so, build a 2048
smartcard - the specs and the implementation allows for that.

  Werner




More information about the Gnupg-devel mailing list