FAQ: Re: key length
Robert J. Hansen
rjh at sixdemonbag.org
Thu Jul 24 12:02:46 CEST 2014
This is just a proposal, *not* a final draft. If this gives people
heartburn, let me know precisely what gives heartburn and I'll try to
mitigate it as best as I can.
Q: Why does GnuPG default to 2048-bit RSA?
A: Because it offers reasonable security for the next several years
while still being compatible with the widest variety of OpenPGP
Q: What are NIST's recommendations for key sizes?
A: According to NIST Special Publication 800-57, "Recommendation for
Key Management," published in July 2012, a 2048-bit RSA or DSA
key is comparable in strength to 3DES. Further, they state that
2048-bit keys are acceptable for use through the year 2030.
Q: What are ENISA's recommendations for key sizes?
A: Slightly different, but not so much so as to be surprising. ENISA
is slightly more pessimistic about the long-term prospects of
2048-bit keys, although they are careful to note 2048-bit keys are
still daunting for an adversary.
Q: Is there a general recommendation that 3072-bit keys be used for
A: No, although some respected people and groups within the
cryptographic community have made such recommendations.
Q: Why does GnuPG disregard these recommendations for 3072-bit keys?
A: We don't. That recommendation is for *new applications*. GnuPG
is not a new application. When a user generates a GnuPG certificate,
that user becomes part of an ecosystem of existing certificates and
a userbase that spans the globe. In short, GnuPG is not a new
Q: Are there any plans to move to stronger keys by default?
A: Imminently. When a version of GnuPG is released which supports
elliptical-curve cryptography, then will be an ideal time for us
to pause, take a deep breath, and make the transition to larger
effective key sizes.
Q: I think I need larger key sizes.
A: By all means, feel free to generate certificates with larger keys.
GnuPG supports up to 4096-bit keys.
Q: If GnuPG will be moving to stronger default key sizes in the near
future via support for elliptical curves, why is there such
controversy about what GnuPG's defaults are right now?
A: It's human nature to want things "more, better, and right now." But
just like in the rest of life, good things come to those who wait.
It won't be long, we promise.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
More information about the Gnupg-devel