generating RSA key sizes > 4096
Werner Koch
wk at gnupg.org
Thu Dec 5 08:39:47 CET 2013
On Thu, 5 Dec 2013 04:59, ido at kernel.org said:
> regularly and routinely patching the GnuPG code with external,
> untrusted code to add a feature that is beneficial to a large subset
> of GnuPG users (since the majority of GnuPG users are probably not on
Please define beneficial. I can't see what you mean by that:

It has been reported that Mac users do that because GPGtools has lifted
the limit. Now, what kind of extra security do they get by using a
ridiculously long key on an operating system which is not under their
full control and which has a higher likeliness to be backdoored by the
vendor than the chance to break even arbitrary 1024 bit RSA keys?

If you want higher security than default you need to turn a lot of
knobs: Audit all software and hardware, never connect the box to the
Net, use a shielded room, install a good entropy source, and educate all
users with access to the confidential information to employ proper
OPSEC.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.