Change limits on pubkey lengths?

Anonymous nobody at
Wed Mar 12 19:08:22 CET 2008

Since RFC4880 is now including symmetric ciphers with 256 bit key
lengths like TWOFISH and CAMELLIA, is it time to change the limits in
gnupg for pubkey sizes? According to some sources (RSA for example) the
"equivalent" assymetric key size would be 15360 bits compared to a
symmetric cipher using 256-bit key length. Is it really so bad to set
the default to something between 2048 and 4096 and the upper limit to

We know that if the session key is compromised it means one message has
been exposed. If the pubkey is factored then all messages encrypted
under that key pair are exposed. I know from old posts Werner has
been opposed to increasing these limits but am wondering now if he
reconsiders based on new chiphers in 4880 and recent events in factoring

Sorry if this has already been discussed in the openpgp ietf or
elsewhere. I didn't find any hits.

Thanks to the gpg dev and user community.

More information about the Gnupg-users mailing list