RSA 4096 ridiculous? (was RSA 1024 ridiculous)

Robert Hübener huebener at
Wed Jun 20 11:38:35 CEST 2007

In my view, gnupg already offers too much choice. There is no real
reason to have so many options. They should have given 2 to chose from -
a small and fast and a large and slow (both sort of balanced, too), say

a) DSA-1024 (SHA1) & Elgamal-1024, cipher 3DES - fingerprint SHA1


b) DSA-3072 (SHA256) & Elgamal-3072, cipher AES-128 - fingerprint SHA256

If one of the ingredients is broken, gnupg has to be redesigned anyways.
 The idea that we can simply go on in this case and use the fallback
functions doesn't seem realistic to me. The easiest case to handle
(fallback-wise) would be that AES is broken. But even then there would
be a huge chaos and thousands of keys would have to be updated etc
(which many users won't do anyways), so that the web of trust will break
down then. A complete start will be best even in this case, with new keys.

More information about the Gnupg-users mailing list