Generating a new key
Grant Olson
kgo at grant-olson.net
Sun Mar 21 04:33:59 CET 2010
On 3/20/2010 11:22 PM, Doug Barton wrote:
>
> Yes, that's a consideration, however in 5 years we'll have had at least
> 2 iterations of Moore's Law, and in my experience so far I do much more
> signing than I do encryption.
>
> Thanks for the review. :)
>
>
> Doug
>
I stumbled on this wikipedia page a few weeks ago:
http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
I'm not sure how up-to-date the info is, but it basically says that even
with Moore's law, 2048 bit keys should be good until 2030.
I would think if you want to future-proof anything, it'd be the primary
key. You can create a separate signing subkey with a more reasonable
bit length. And then if you need to crank up the signing/encryption key
bit-lengths in the future, you can create new subkeys and expire the old
ones, and you'll keep all your signatures on the existing primary key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100320/9c608277/attachment.pgp>
More information about the Gnupg-users
mailing list