generating RSA key sizes > 4096
Bernd Eckenfels
lists-gnupgdev at lina.inka.de
Thu Dec 5 00:43:24 CET 2013
Hello,
From Robert (rjh):
> Further, there has been no clear message from the cryptographic
> community that such a large key is in any way useful. NIST believes a
> 2048-bit key will be secure for 30 years; ENISA recommends a 3072-bit
> key. Allowing a 4096-bit key allows people to go far beyond all the
> current recommendations; why should it go further?
Actually that is not correct. The just recently released key params
report* of ENISA proposes a protection equivalent of
256bit-symmetric-block ciphers for recommended future proof protections
and they state that the RSA-equivalent of various sources (NIST**, IETF,
ECRYPT2,...) is between 15360 and 46752 bit in this case. And this is
explicitly for single use keys (and strong deprecation of PKCS#1 v1.5).
The "legacy minimum" is 1024, the future system minimum is 3072 and for
long term they recommend 15360 bits (or ECDLP 512bit).
Greetings
Bernd
* http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
** http://www.keylength.com/en/4/