RSA 1024 ridiculous

Brian Smith brian at
Sat Jun 16 17:05:20 CEST 2007

Snoken wrote:
> I suppose this means that 1024 bit RSA-keys are ridiculous 
> and the Open PGP Card is a joke. And what about all web sites 
> protected by SSL with a 1024-bit RSA-certificate?

This seems to be more-or-less on schedule:

IF you have a life-long digital secret that you want to protect from
people with hundreds of millions of dollars to spend, and you insist on
using RSA public key encryption to protect it during transit over the
internet, then you need to use RSA 15,360 (not a typo) + AES 256 + hope.
But, I think RSA 3072 + AES 128 should be good enough to get you a
waterboarding ticket; even RSA 1024 + 3DES would result in spyware or a
key logger on your client machine to prevent them from having to fill up
the bucket.

Regarding HTTPS: If you go to any SSL certificate vendor, you will see
them talking only about "256 bit SSL" and they usually have no
recommendations at all regarding the RSA key length. The certificate
vendors treat HTTPS as a marketing feature and not a security feature.
As a result, the RSA 1024 + AES 256 is the most common combination I see
when I'm browsing with Firefox.

I cannot find it in the specs right now, but I think that even the
latest S/MIME and PGP/MIME specs only require implementations to support
RSA keys sizes up to 2048 bits. I have used 4096 bit keys for (Thawte
Freemail) S/MIME certificates in Thunderbird and Outlook 2003 without


More information about the Gnupg-users mailing list