Werner Koch wk at gnupg.org
Tue Sep 26 12:23:41 CEST 2006

On Tue, 26 Sep 2006 05:33, David Shaw said:

> 4096-bit RSA key roughly balances a hash somewhere between 256 and 384
> bits.  A 512-bit hash will work with a 4096-bit key, yes, but that

But it doesn't balance with the probability of implementation, system,
or user bugs.  This needs to be taken into account and then even a
2048 bit key is too strong to balance out these other risks.

One should always ask the question: How would I attack a system?  Then
it will soon be clear that breaking RSA or finding a second pre-image
for SHA-1 is not the way any sane attacker would go.



