RSA useless for encryption was: RE: RSA 1024 ridiculous

Snoken snoken at tunedal.nu
Wed Jun 20 13:21:02 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 17:05 2007-06-16, Brian Smith wrote:
 >Snoken wrote:
 >> I suppose this means that 1024 bit RSA-keys are ridiculous
 >> and the Open PGP Card is a joke. And what about all web sites
 >> protected by SSL with a 1024-bit RSA-certificate?
 >
 >This seems to be more-or-less on schedule:
 >http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
 >
- --- snip ---
 >
 >Regards,
 >Brian

Hi,
I estimate that RSA 1024-bit keys have a very limited use for
encryption. Encryption usually intends to protect for a substantially
longer time than the time a signature is of any interest.

Brian ("Brian Smith" <brian at briansmith.org>) looked in Wikipedia. Me too:

"As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent
in strength to 80-bit symmetric keys"

http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths

I checked with the source:
http://www.rsa.com/rsalabs/node.asp?id=2004

In 2003 users of RSA 1024-bit keys were advised to drop them before
2010. Now the situation is somewhat worse than it looked in 2003.

Unfortunately the OpenPGP Cards are limited to the use of RSA-keys of 1024
bits, both for encryption and signing. Any work in progress for an
improved card?

Snoken

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959

iD8DBQFGeQ3KWisObvnr8tQRAt0VAJ41qrUBSU7hsDydwnT4ixhfwE4tvgCdHpMZ
J6mI9LJYQx6Ymq+c1aoZ1kM=
=HQKy
-----END PGP SIGNATURE-----
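
A check a GnuPG user could run in light of the concern raised in this message, as an added example that is not part of the original post: it parses `gpg --list-keys --with-colons` output and flags live RSA keys below a size threshold, noting which of them can encrypt. The 2048-bit threshold, the function name and the sample listing are assumptions made for illustration.

```python
"""Flag short RSA keys in `gpg --list-keys --with-colons` output (added example)."""
import sys

RSA_ALGOS = {"1", "2", "3"}  # OpenPGP IDs: RSA, RSA encrypt-only, RSA sign-only
MIN_BITS = 2048              # assumed policy threshold, not a figure from the post

# Constructed sample listing; key IDs and timestamps are made up.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAA1:1100000000:::u:::scSC:
uid:u::::1100000000::X::Alice Example <alice@example.org>:
sub:u:2048:16:AAAAAAAAAAAAAAA2:1100000000::::::e:
pub:u:1024:1:BBBBBBBBBBBBBBB1:1150000000:::u:::scSC:
sub:u:1024:1:BBBBBBBBBBBBBBB2:1150000000::::::e:
pub:r:1024:1:DDDDDDDDDDDDDDD1:1000000000:::-:::sc:
pub:u:4096:1:CCCCCCCCCCCCCCC1:1180000000:::u:::scESC:
"""


def weak_rsa_keys(listing, min_bits=MIN_BITS):
    """Return one dict per non-revoked, non-expired RSA key shorter than min_bits."""
    findings = []
    for line in listing.splitlines():
        f = line.split(":")
        # Only primary keys and subkeys carry length/algorithm fields.
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        validity, bits, algo, keyid, caps = f[1], f[2], f[3], f[4], f[11]
        if validity in ("r", "e"):  # revoked or expired: no longer in use
            continue
        if algo in RSA_ALGOS and bits.isdigit() and int(bits) < min_bits:
            findings.append({
                "keyid": keyid,
                "type": f[0],
                "bits": int(bits),
                # Lowercase 'e' is this key's own encryption capability.
                "encrypts": "e" in caps,
            })
    return findings


if __name__ == "__main__":
    # Pipe real output in, or run with no stdin redirect to see the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for k in weak_rsa_keys(text):
        use = "encryption-capable" if k["encrypts"] else "sign/certify only"
        print(f'{k["type"]} {k["keyid"]}: RSA {k["bits"]} bits, {use}')
```

Typical use is `gpg --list-keys --with-colons | python3 audit_keys.py`, where the script name is hypothetical.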


