increase the default RSA key size to 3072 bits

ilf ilf at
Thu Apr 18 09:21:48 CEST 2019

OpenSSH 8.0 was released yesterday, one change being:

> * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
>   following NIST Special Publication 800-57's guidance for a
>   128-bit equivalent symmetric security level.

This points to

GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and 
Debian-based distros) ship with 3072 as default.

I would be in favor of following OpenSSH and increasing the default RSA 
key size to 3072 bits.


If you upload your address book to "the cloud", I don't want to be in it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list