Create key's over 4096 bit ????

Atom Smasher atom at smasher.org
Thu Dec 22 06:47:05 CET 2005


On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote:

> From the security standpoint, more bits do not buy you more security.
> Having a 16k key or a 2k key will buy you about the same security.  It is
> not all in the key length.  My opinion is, just use a 2k key.  It will
> serve you well.  I generated one 4k key some time ago, and have almost
> never used it.  Looking back, that was a really pointless thing to do.
======================

to paraphrase bruce schneier: what's more secure? a fence that's a 
thousand feet tall or a fence that's ten thousand feet tall?

that said, computers keep getting faster and attacks keep getting better. 
back in the early days of PGP(tm) a 1024 bit key would have been 
considered bigger than you'd ever need. history has shown that 1024 bit 
keys are now generally considered the smallest key you'd want to use, and 
may not be "safe" over the course of the next 10-20 years.

the thing to bear in mind, though, is that a 2048 bit key isn't *just* 
twice as strong as a 1024 bit key... (according to my math, please correct 
me if i'm wrong) it's this many times stronger:

17976931348623159077293051907890247336179769789423065727343008115773\ 
26758055009631327084773224075360211201138798713933576587897688144166\ 
22492847430639474124377767893424865485276302219601246094119453082952\ 
08500576883815068234246288147391311054082723716335051068458629823994\ 
7245938479716304835356329624224137216

a 1025 bit key (if there was such a thing) would be [merely] twice as 
strong as a 1024 bit key. a 1028 bit key would be 16 times stronger. 
compared to a 1024 bit key, a 4096 bit key is stronger by a number that's 
represented by (about) 4624 decimal digits. since no one has publicly 
broken a 1K key i feel pretty safe using 2K keys for everyday stuff.

also, anyone considering huge keys should read this section from the 
diceware FAQ - <http://world.std.com/~reinhold/dicewarefaq.html#128-bit> 
and remember that breaking a key is the hardest way to "break" pgp... 
there are a lot of easier methods, such as key-loggers and spy-cameras.


-- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"What sane person could live in this world and not be crazy?"
 		-- Ursula K. LeGuin
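
Added example, not part of the original post: it computes the bit-count ratio the message uses (2 raised to the difference in key bits) and, as a separate measure, the standard asymptotic work estimate for factoring an RSA modulus with the general number field sieve (GNFS). Assumptions: the keys are RSA, GNFS is the attack being costed, and the o(1) term of the formula is dropped, so the GNFS figures are rough; all function names are hypothetical.

```python
import math

# Constant c = (64/9)^(1/3) in the heuristic GNFS running time
# L_n[1/3, c] = exp((c + o(1)) * (ln n)^(1/3) * (ln ln n)^(2/3)).
GNFS_C = (64 / 9) ** (1 / 3)


def keyspace_ratio(bits_a: int, bits_b: int) -> int:
    """Ratio used in the post: 2^(bits_b - bits_a), as an exact integer."""
    return 1 << (bits_b - bits_a)


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the GNFS work estimate for an n of about 2^modulus_bits.

    The o(1) term is dropped (assumption), so this is a rough
    comparison tool, not a precise security level.
    """
    ln_n = modulus_bits * math.log(2)
    work_nats = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)


def compare(bits_a: int, bits_b: int) -> dict:
    """Put both measures side by side for two key sizes."""
    ratio = keyspace_ratio(bits_a, bits_b)
    return {
        "keyspace_ratio_log2": bits_b - bits_a,
        "keyspace_ratio_decimal_digits": len(str(ratio)),
        "gnfs_work_bits_a": gnfs_work_bits(bits_a),
        "gnfs_work_bits_b": gnfs_work_bits(bits_b),
        "gnfs_ratio_log2": gnfs_work_bits(bits_b) - gnfs_work_bits(bits_a),
    }


if __name__ == "__main__":
    # Key-size pairs taken from the message above.
    for a, b in [(1024, 1025), (1024, 1028), (1024, 2048), (1024, 4096)]:
        r = compare(a, b)
        print(f"{a} -> {b} bits: keyspace ratio 2^{r['keyspace_ratio_log2']} "
              f"({r['keyspace_ratio_decimal_digits']} decimal digits), "
              f"GNFS work 2^{r['gnfs_work_bits_a']:.1f} -> "
              f"2^{r['gnfs_work_bits_b']:.1f} "
              f"(ratio about 2^{r['gnfs_ratio_log2']:.1f})")
```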




