does gpg cope with very large key sizes

David Shaw dshaw at jabberwocky.com
Thu Sep 10 18:07:07 CEST 2009


On Sep 10, 2009, at 7:40 AM, Philippe Cerfon wrote:

>>> - Or is everything ok, and there's just this max=something in
>>> g10/keygen.c where you save users from shooting themselves in the
>>> foot by creating too large keys but nothing else?
>> Pretty much true if your goal is to just do performance testing  
>> with different sizes.  I certainly wouldn't actually use such a key  
>> in the real world, though.
>
> Pretty much? What do you mean by that? The time/performance issues?

Yes, but also that it's a silly keysize in the real world.  For most  
people (doing regular-people things like using computers connected to  
the internet, presumably in a house or apartment with a front door),  
the key would be so vastly stronger than the rest of the environment  
that an attacker wouldn't bother to attack it.  Rather they'd go  
against that front door, or other attacks against you and/or your  
environment.

It's a bit like this: http://failblog.org/2009/05/22/security-fail-5/

> Out of curiosity: As far as I know the suggested key sizes will always
> rather rise, right (except one moves perhaps away from RSA, but are
> there any alternatives other than DSA?)? So maybe in 20 or 30 years 32k bit
> keys will be necessary,... would be bad if those keys weren't usable
> in the real world :-/

I don't foresee we'll ever end up with keys that large.  They're just  
too big to conveniently use.  Rather, we'll switch over to algorithms  
like Elliptic Curve that are stronger per-bit than RSA or DSA.

David



