FAQ: Re: key length

Bernhard Reiter bernhard at intevation.de
Tue Jul 22 10:52:59 CEST 2014


On Wednesday 25 June 2014 at 23:33:37, Robert J. Hansen wrote:
> > we (GPGTools) had a brief meetup with Nico (he’s contributing to
> > Enigmail) today. He suggested raising the key length default to 4096bit.
> > The idea came via a suggestion from Rüdiger Weiß on the 30C3 congress
> > (https://www.youtube.com/watch?v=1dhCDJ_LVuY).
> As Werner himself posted to GnuPG-Users just yesterday, 4096-bit is
> wildly unnecessary for the vast majority of users.  In fact, there's a
> FAQ on it:
> https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

Because this really is frequently asked, I think this answer can be improved by
a) putting a date on the answer itself
b) providing more references that support the design decision.

> Please don't override the GnuPG defaults unless you have a clear and
> compelling reason for why RSA-2048 (the GnuPG default) is inappropriate
> for your users.

Note that ENISA recommends at least 3072 bit RSA for new systems
(as reported by heise).

Also the German BSI in TR-02102-2-1 (Jan 2014) has 2000 bit RSA keys until
2020 and remarks that it can be useful to use >3000 bit to have an evenly
distributed security level.

Given that 3072 is recommended by ENISA and by the BSI under some
circumstances today, users need good insights to understand the 2048 default
of GnuPG.


www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
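The thread argues about which RSA modulus size a site should require. A practical follow-up for an administrator is to find out which keys in an existing keyring fall below whichever threshold they adopt. The script below is an added example, not code from the thread, from GnuPG or from Intevation: it parses the machine-readable output of `gpg --list-keys --with-colons` (record type in field 1, key length in field 3, public-key algorithm number in field 4, key ID in field 5) and reports RSA primary keys and subkeys shorter than a chosen minimum. The default minimum of 3072 bits follows the ENISA/BSI figures quoted in the message; the embedded listing is constructed for the example and is not a real keyring. Running it against a live keyring assumes `gpg` is on `PATH`.

```python
# Added example (not part of the mailing-list thread): audit a keyring for
# RSA keys below a minimum modulus size, using `gpg --list-keys --with-colons`.
#
# --with-colons field layout used here (0-based after split on ':'):
#   0 record type (pub / sub / uid / fpr / ...)
#   2 key length in bits
#   3 public-key algorithm number (RFC 4880: 1, 2, 3 are RSA variants)
#   4 key ID
import subprocess

RSA_ALGO_IDS = {1, 2, 3}          # RSA, RSA encrypt-only, RSA sign-only

# Constructed sample listing (not a real keyring): one 2048-bit RSA key with
# a 2048-bit subkey, one 4096-bit RSA key with a 4096-bit subkey, and a
# DSA/ElGamal pair that the RSA audit must skip rather than misreport.
SAMPLE_LISTING = """\
tru::1:1405948379:0:3:1:5
pub:u:2048:1:ABCDEF0123456789:1372636800:::u:::scESC:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1372636800::0000000000000000000000000000000000000002::Alice Example <alice@example.org>:
sub:u:2048:1:1234567890ABCDEF:1372636800::::::e:
pub:u:4096:1:FEDCBA9876543210:1404172800:::u:::scESC:
fpr:::::::::0000000000000000000000000000000000000003:
uid:u::::1404172800::0000000000000000000000000000000000000004::Bob Example <bob@example.org>:
sub:u:4096:1:0FEDCBA987654321:1404172800::::::e:
pub:u:1024:17:1122334455667788:1404172800:::u:::scSC:
uid:u::::1404172800::0000000000000000000000000000000000000005::Carol Example <carol@example.org>:
sub:u:2048:16:8877665544332211:1404172800::::::e:
"""


def parse_keys(listing):
    """Yield (record_type, bits, algo, keyid) for every pub/sub record."""
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue
        yield fields[0], int(fields[2]), int(fields[3]), fields[4]


def short_rsa_keys(listing, minimum_bits=3072):
    """Return [(keyid, bits), ...] for RSA keys/subkeys below minimum_bits.

    Non-RSA keys are ignored: a DSA or ElGamal bit length is not comparable
    to an RSA modulus size, so they need a separate policy.
    """
    return [
        (keyid, bits)
        for rtype, bits, algo, keyid in parse_keys(listing)
        if algo in RSA_ALGO_IDS and bits < minimum_bits
    ]


def live_listing():
    """Fetch the local keyring listing; assumes `gpg` is on PATH."""
    result = subprocess.run(
        ["gpg", "--list-keys", "--with-colons"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Replace SAMPLE_LISTING with live_listing() to audit the real keyring.
    for keyid, bits in short_rsa_keys(SAMPLE_LISTING):
        print(f"RSA key {keyid} is {bits} bits, below the 3072-bit minimum")
```

The threshold is a parameter so the same check serves a site that standardises on the GnuPG 2048-bit default, one that follows the ENISA 3072-bit advice, or one that wants the 4096 bits proposed in the thread.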
