generating RSA key sizes > 4096
Robert J. Hansen
rjh at sixdemonbag.org
Fri Nov 29 17:10:59 CET 2013
> Currently, several downstream distributions of GnuPG patch the GPG code in
> their packages to support generating RSA keys larger than 4096 bits.
Which ones besides GPGTools?
The choice of what range of sizes to support is not a trivial one. The
overwhelming majority of OpenPGP installations max out at a 4kbit key.
Further, there has been no clear message from the cryptographic
community that such a large key is in any way useful. NIST believes a
2048-bit key will be secure for 30 years; ENISA recommends a 3072-bit
key. Allowing a 4096-bit key allows people to go far beyond all the
current recommendations; why should it go further?
Additionally, this tends to promote an obsession with key size -- very
often at the expense of other important factors. Whether something is
protected by 2048-bit RSA or 8192-bit RSA doesn't matter a damn, since
no one with two brain cells to rub together will try cryptanalyzing the
traffic. They'll resort to other methods instead.
So, yeah, I don't see a point for this patch, I'm sorry to say. I have
severe doubts as to whether explicitly supporting extraordinarily large
keys is something GnuPG needs to do, support, or facilitate.
(I am not a GnuPG developer and I have absolutely no say in the final
decision, FYI.)