8192bit RSA keys

David Shaw dshaw at jabberwocky.com
Wed Jul 8 19:36:15 CEST 2009


On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:

> Hey folks,
>
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.
>
> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
>
> I am trying to decide whether I want to create myself a new RSA key
> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
> to use the 8k variant, simply because I postulate that my machines
> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
> I don't know if this makes sense in practice.

It depends on what you're protecting against.  For most common cases,
an 8192-bit RSA key is likely so vastly stronger than the rest of your
environment that a smart attacker wouldn't bother to attack it.
They'd just go after what they want via other attacks against you
and/or your environment.  Mind you, the same thing is true for a
2048-bit RSA key as well.  (I'd wager that for many people, the same
thing is also true for a 512-bit RSA key).  If you can get the same
end result with a smaller key, you need to ask yourself what the big
key actually buys you.

If you're looking for a more immediate reason, though, note that if
you make an RSA key larger than 2048 bits you can't use it with the
spiffy new OpenPGP smartcard.

David
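To put numbers on "what the big key actually buys you", here is an added Python example (not from the thread or from GnuPG): it applies the standard GNFS L[1/3] factoring heuristic to the key sizes martin asked about, and anchors the scale at the NIST SP 800-57 equivalence of RSA-2048 to roughly 112 bits of symmetric strength, which is an assumption of this example rather than something the thread states.

```python
import math

LN2 = math.log(2)
GNFS_C = (64 / 9) ** (1 / 3)  # ~1.923, the constant in the GNFS L[1/3] heuristic


def gnfs_log_work(modulus_bits):
    """Natural log of the heuristic GNFS cost of factoring an n-bit modulus:
    L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), with n = 2**bits.
    The o(1) term is dropped, so this is an asymptotic estimate only."""
    ln_n = modulus_bits * LN2
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def extra_work_bits(base_bits, bigger_bits):
    """log2 of the ratio between the heuristic factoring costs of two moduli,
    i.e. how many more bits of effort the larger key costs an attacker."""
    return (gnfs_log_work(bigger_bits) - gnfs_log_work(base_bits)) / LN2


def security_bits_estimate(modulus_bits):
    """Rough symmetric-equivalent strength of an RSA modulus.
    Anchor (assumption): NIST SP 800-57 rates RSA-2048 at ~112 bits; other
    sizes are scaled from that point by the heuristic above, so the output is
    an estimate for comparison, not a table value to quote."""
    return 112 + extra_work_bits(2048, modulus_bits)


if __name__ == "__main__":
    # The sizes mentioned in the thread: martin's 2k/4k/8k and David's 512-bit aside.
    for bits in (512, 2048, 4096, 8192):
        print(f"RSA-{bits:5d}: ~{security_bits_estimate(bits):3.0f}-bit symmetric "
              f"equivalent, 2^{extra_work_bits(2048, bits):+.0f} x the work of RSA-2048")
```

Under this heuristic RSA-8192 costs roughly 2^92 times the factoring work of RSA-2048 (about 200 bits of symmetric equivalent), which is the headroom David's reply says an attacker would simply route around.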
