RSA 1024 ridiculous / RSA 8192 sublime, and, possible with gnupg.

David Shaw dshaw at jabberwocky.com
Mon Jun 18 04:27:37 CEST 2007


On Sun, Jun 17, 2007 at 06:31:15PM -0400, John W. Moore III wrote:
> David Shaw wrote:
> 
> > This year is slightly different in that I'm waiting for someone to
> > discover they can also raise the key size limit for DSA.  That, at
> > least, is marginally less strange as I put in code to make the hash
> > size automatically rise as the key size rises.  Using SHA-1 with an
> > 8192-bit RSA key is... odd.
> 
> Wait No longer.  However, as You point out; Why use a large Key with the
> available Hash selections.  Even considering DSA2, Everyone I know has
> already begun migration away from DSA to RSA.  Personally, I feel
> Compiling GnuPG with the ability to generate an 8192 Key, while amusing,
> is akin to selling someone a .22cal hollowpoint weapon instead of a
> .45ACP for Personal Defense because it 'kicks' less.

I have no idea what this means... which makes it an excellent analogy
for the key size question.  It takes some understanding of the issues
to know why a particular key size matches up with a particular hash
size, is used with particular software, for particular usage, etc.  I
don't understand the issues in your example (beyond saying "they're
two different bullets"), so if I needed to choose between them, I'd
have to do some learning first to even understand the question, much
less reach the right answer for me.

The defaults in GnuPG are chosen to be basically sane for the
overwhelming majority of users.  People who are recompiling GnuPG need
to understand the implications of the change they are making and be
aware they're throwing away that safety net.

David


