RSA key size restriction?

Malte Gell malte.gell at gmx.de
Thu Dec 11 13:54:51 CET 2003


> On Wed, Dec 10, 2003 at 09:52:11PM +0100, Malte Gell wrote:

> > be nice to be sure that their information are kept secret as long
> > as they live and beyond... Maybe, such key sizes would be a nice
> > extension for the --expert option :-)

> Remember that hiding it behind --expert (and a "Don't do this!"
> message) still didn't stop people from generating Elgamal
> sign+encrypt keys.  If the key sizes are available under --expert,
> then people will inevitably generate them, thinking "bigger must be
> better".  However, bigger isn't always better: very large keys are
> slower, problematic for signatures (a 16k RSA clear signature is 45
> lines long!), and terrible for compatibility with anything other than
> GnuPG or hacked versions of PGP.

ACK, there's just the hope who uses "--expert" will know what he/she is 
doing... of course, you're right whith signatures, it would be much 
much bigger then the message itself and hardly any gain in security.

> Again, if someone generates such a key, GnuPG will work with it.  I
> still don't see the need to make it easy to generate them though,
> especially given that if someone wanted it badly enough, they can
> remove the line of code that prevents it themselves.

Totally true, whoever wants such keys will be able to create them 
easily. Maybe the question about key sizes gets philosphical beyond a 
certain length rather then reasonable.

Malte




More information about the Gnupg-users mailing list