Is ECC ready and increase the default RSA key size to 3072 bits?
Bernhard Reiter
bernhard at intevation.de
Thu Apr 25 08:42:13 CEST 2019
On Friday 19 April 2019 15:50:13, Daniel Kahn Gillmor wrote:
> GnuPG master already defaults RSA keys to 3072 bits,
> I agree that it makes sense to do this on the 2.2 branch.
FWIW I also agree to switch the default.
It matches modern recommendations for mid/long term security,
e.g. from
https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.1.pdf
This is even when considering the FAQ linked
from https://wiki.gnupg.org/LargeKeys
| Will GnuPG ever support RSA-3072 or RSA-4096 by default?
| Probably not.
| Every minute we spend arguing about whether we should change the defaults
| to RSA-3072 or more is one minute the shift to ECC is delayed.
Is ECC ready to be the default?
My estimation is: it is not, and then we should switch the default to RSA-3072
until it is.
My estimation is based on:
* There are some GNU/Linux LTS distros in use that still have GnuPG 2.0
(E.g. Jessie, but probably others. Could be examined)
* Ed25519 and Curve25519 are not in an agreed standard (as 4880bis is not
  ready and probably won't be for a while). While I believe it is okay to
  move forward, other implementations may not be, because of the missing
  standard. Example: OpenPGP.js just has a young implementation
  (Dec 2018 saw a major security release, version 4.3.0).
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Local Court (Amtsgericht) Osnabrück, HRB 18998
Managing Directors Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
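An added example (not part of the original mail, nor GnuPG project code) for the practical side of the proposal above: before or after a default change, an admin usually wants to know which keys in a keyring still use RSA below 3072 bits and which already use ECC. The script below parses the machine-readable output of `gpg --list-keys --with-colons` (field 3 is the key length, field 4 the OpenPGP algorithm ID, field 17 the curve name) and flags RSA keys shorter than 3072 bits. The sample listing and all key IDs in it are constructed for this example.

```python
# Added example: audit a GnuPG --with-colons key listing for RSA keys shorter
# than 3072 bits. Input format: `gpg --list-keys --with-colons`.
# The SAMPLE listing below is constructed for this example; key IDs are made up.
import sys
from dataclasses import dataclass
from typing import Dict, Iterator, List

# OpenPGP public-key algorithm IDs as printed in field 4 of --with-colons output.
RSA_ALGOS = {1, 2, 3}      # RSA (encrypt or sign), RSA encrypt-only, RSA sign-only
ECC_ALGOS = {18, 19, 22}   # ECDH, ECDSA, EdDSA
MIN_RSA_BITS = 3072        # the default size proposed in this thread


@dataclass
class KeyRecord:
    kind: str    # "pub" (primary key) or "sub" (subkey)
    bits: int    # field 3: key length in bits (255 for Curve25519 keys)
    algo: int    # field 4: public-key algorithm ID
    keyid: str   # field 5: long key ID
    curve: str   # field 17: curve name for ECC keys, empty for RSA


def parse_colons(text: str) -> Iterator[KeyRecord]:
    """Yield one KeyRecord per pub/sub line; tru/fpr/uid lines are skipped."""
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 17 or f[0] not in ("pub", "sub"):
            continue
        yield KeyRecord(kind=f[0], bits=int(f[2]), algo=int(f[3]),
                        keyid=f[4], curve=f[16])


def weak_rsa(records: List[KeyRecord]) -> List[KeyRecord]:
    """RSA keys (primary or sub) below the proposed 3072-bit default."""
    return [r for r in records if r.algo in RSA_ALGOS and r.bits < MIN_RSA_BITS]


def summarize(text: str) -> Dict[str, object]:
    """Count keys, list weak RSA key IDs and ECC key IDs with their curves."""
    recs = list(parse_colons(text))
    return {
        "total": len(recs),
        "weak_rsa": [r.keyid for r in weak_rsa(recs)],
        "ecc": [f"{r.keyid} ({r.curve})" for r in recs if r.algo in ECC_ALGOS],
    }


# Constructed sample: one RSA-2048 key pair, one RSA-3072 key pair and one
# Ed25519/cv25519 key pair, in the layout gpg prints.
SAMPLE = """\
tru::1:1556181733:0:3:1:5
pub:u:2048:1:0123456789ABCDEF:1556181733:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1556181733::0A1B2C3D::Alice Example <alice at example.org>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1556181733::::::e::::::23:
pub:u:3072:1:1111222233334444:1556181733:::u:::scESC::::::23::0:
sub:u:3072:1:5555666677778888:1556181733::::::e::::::23:
pub:u:255:22:AAAABBBBCCCCDDDD:1556181733:::u:::scESC:::::ed25519:::0:
sub:u:255:18:EEEEFFFF00001111:1556181733::::::e:::::cv25519::
"""

if __name__ == "__main__":
    # Pipe real output in (`gpg --list-keys --with-colons | python3 audit.py`)
    # or run without input to see the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    report = summarize(data)
    print(f"{report['total']} keys/subkeys examined")
    for keyid in report["weak_rsa"]:
        print(f"WEAK: RSA key {keyid} is below {MIN_RSA_BITS} bits")
    for entry in report["ecc"]:
        print(f"ECC:  {entry}")
```

On the sample, the two RSA-2048 key IDs are reported as weak, the RSA-3072 pair passes, and the Ed25519/cv25519 pair is listed as ECC. Note that gpg prints 255 as the length of Curve25519 keys, so the bit-length check is deliberately restricted to the RSA algorithm IDs rather than applied to every key.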