FAQ: Re: key length
Bernhard Reiter
bernhard at intevation.de
Tue Jul 22 10:52:59 CEST 2014
Robert,
On Wednesday 25 June 2014 at 23:33:37, Robert J. Hansen wrote:
> > we (GPGTools) had a brief meetup with Nico (he’s contributing to
> > Enigmail) today. He suggested raising the key length default to 4096bit.
> > The idea came via a suggestion from Rüdiger Weiß on the 30C3 congress
> > (https://www.youtube.com/watch?v=1dhCDJ_LVuY).
>
> As Werner himself posted to GnuPG-Users just yesterday, 4096-bit is
> wildly unnecessary for the vast majority of users. In fact, there's a
> FAQ on it:
>
> https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
Because this really is frequently asked, I think this answer can be improved by
a) putting a date on the answer itself
b) providing more references that support the design decision.
> Please don't override the GnuPG defaults unless you have a clear and
> compelling reason for why RSA-2048 (the GnuPG default) is inappropriate
> for your users.
Note that ENISA recommends at least 3072 bit RSA for new systems
(as reported by heise).
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
Also the German BSI in TR-02102-2-1 (Jan 2014) has 2000 bit RSA keys until
2020 and remarks that it can be useful to use >3000 bit to have an evenly
distributed security level.
Given that 3072 is recommended by ENISA and by the BSI under some
circumstances today, users need good insights to understand the 2048 default
of GnuPG.
Best,
Bernhard
--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
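To make the "evenly distributed security level" argument above concrete, here is a small added Python example (not part of this thread and not GnuPG code). It estimates the symmetric-equivalent strength of an RSA modulus with the usual GNFS run-time heuristic (constants 1.923 and 4.69 in the Lenstra/Verheul form, an approximation only), carries the rounded equivalences tabulated in NIST SP 800-57 Part 1 (RSA-2048 ~ 112 bits, RSA-3072 ~ 128 bits), and reports the weakest component of an OpenPGP configuration that combines an RSA key, a symmetric cipher and a hash. The function names, the hash-strength rule (collision resistance = half the digest size) and the sample configurations are my own assumptions for the illustration.

```python
import math

# Rounded RSA strength equivalences as tabulated in NIST SP 800-57 Part 1.
NIST_RSA_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimate the symmetric-equivalent strength of an RSA modulus.

    Uses the general number field sieve run-time heuristic
    (Lenstra/Verheul form). This is an estimate, not a guarantee, and
    the constants are assumed here rather than taken from the thread.
    """
    n = modulus_bits * math.log(2)  # natural log of the modulus size
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)


def smallest_rsa_for(security_bits: int) -> int:
    """Smallest tabulated RSA modulus that reaches the requested strength."""
    for bits, strength in sorted(NIST_RSA_STRENGTH.items()):
        if strength >= security_bits:
            return bits
    raise ValueError(f"no tabulated RSA size reaches {security_bits} bits")


def weakest_link(rsa_bits: int, cipher_key_bits: int, hash_bits: int):
    """Return (component, strength) for the weakest part of a configuration.

    rsa_bits:        RSA modulus size (e.g. 2048 or 3072)
    cipher_key_bits: symmetric key size (AES-128 -> 128)
    hash_bits:       digest size; collision resistance is assumed to be
                     half of it (SHA-256 -> 128), which is what matters
                     for signatures.
    """
    levels = {
        "rsa": NIST_RSA_STRENGTH.get(rsa_bits, round(rsa_strength_bits(rsa_bits))),
        "cipher": cipher_key_bits,
        "hash": hash_bits // 2,
    }
    name = min(levels, key=levels.get)  # first weakest component wins ties
    return name, levels[name]


if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096):
        print(f"RSA-{bits}: ~{rsa_strength_bits(bits):.0f} bits (GNFS estimate)")
    # Constructed configurations: AES-128 with SHA-256, differing only in key size.
    print("RSA-2048 + AES-128 + SHA-256 ->", weakest_link(2048, 128, 256))
    print("RSA-3072 + AES-128 + SHA-256 ->", weakest_link(3072, 128, 256))
```

With AES-128 and SHA-256 the 2048-bit key is the weakest component at roughly 112 bits; at 3072 bits all three components sit at about 128 bits, which is the balanced level the BSI remark refers to.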