"This key may be unsafe" - Redux

David Tomaschik david at systemoverlord.com
Mon Mar 7 23:08:01 CET 2011

This key length concern is highly dependent on the threat model.  I
believe RSA-1024 is likely safe TODAY for MOST attacks.  That being
said, I could not, in good conscience, suggest that anyone generate a
1024 bit key today -- the lifetime on that is probably too short, and
almost any device (including most mobile devices that can handle some
form of OpenPGP) should be able to handle at least 2048 bit without
much trouble.  Section 5.6 of NIST Publication 800-57
is the best guidance I use for key length selection.  NIST recommended
that use of 1024 bit RSA-type (IFC) keys be discontinued in 2010.
2048 is recommended through 2030.  I use a 4k master key
(certification only) and 3k keys for encrypt and sign.  Yes, this is
perhaps a bit paranoid, but I have yet to run into any device where I
feel the delay is unacceptable (my android phone included).

I don't believe that GPG alerts on key lengths at all, but it does
have suggested lengths at key generation time.


On Mon, Mar 7, 2011 at 4:41 PM, Charly Avital <shavital at mac.com> wrote:
>> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
>> for *any* key with a length equal or inferior to 1024 bits.
> [...]
>> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
>> If so, how are they unsafe?
>> Where is this key length unsafe situation documented?
> I am not aware of any GnuPG command in Terminal that would display or
> warn about this situation. Is there any, or should there be any?
> [...]
> TIA.
> Charly
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
david at systemoverlord.com
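One way to get the command-line check Charly asks about (an added example, not part of this thread and not a GnuPG feature): parse `gpg --with-colons --list-keys` output and flag RSA/DSA/Elgamal keys below the 2048-bit floor from NIST SP 800-57 section 5.6. The sample records and key ids are constructed.

```python
"""Flag OpenPGP keys shorter than the NIST SP 800-57 guidance by parsing
the machine-readable `gpg --with-colons --list-keys` output."""
import subprocess

# NIST SP 800-57 section 5.6: 1024-bit IFC (RSA) and FFC (DSA/Elgamal) keys
# discontinued after 2010; 2048 bits recommended through 2030.
MIN_BITS = {"IFC": 2048, "FFC": 2048}
# OpenPGP public-key algorithm ids (RFC 4880 section 9.1) by key family.
ALGO_FAMILY = {1: "IFC", 2: "IFC", 3: "IFC", 16: "FFC", 17: "FFC"}

def weak_keys(colon_output, min_bits=MIN_BITS):
    """Return (record type, key id, bits, algo id) for every pub/sub record
    below the minimum. Colon format: field 1 type, 3 length, 4 algo, 5 key id.
    Elliptic-curve keys (algo 18, 19, 22) have no IFC/FFC floor and are skipped."""
    weak = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue
        bits, algo, keyid = int(fields[2]), int(fields[3]), fields[4]
        family = ALGO_FAMILY.get(algo)
        if family and bits < min_bits[family]:
            weak.append((fields[0], keyid, bits, algo))
    return weak

def scan_keyring():
    """Run gpg on the local public keyring and return its weak keys."""
    out = subprocess.run(["gpg", "--with-colons", "--list-keys"],
                         capture_output=True, text=True, check=True).stdout
    return weak_keys(out)

# Constructed sample (key ids are made up): a 1024-bit DSA primary with a
# 1024-bit Elgamal subkey, then a 4096-bit RSA certify-only primary with
# 3072-bit RSA signing and encryption subkeys, as described in the mail above.
SAMPLE = """\
tru::1:1299000000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:1299000000:::u:::scaSC::::::23::0:
sub:u:1024:16:FEDCBA9876543210:1299000000::::::e::::::23:
pub:u:4096:1:1111111111111111:1299000000:::u:::cC::::::23::0:
sub:u:3072:1:2222222222222222:1299000000::::::s::::::23:
sub:u:3072:1:3333333333333333:1299000000::::::e::::::23:
"""

if __name__ == "__main__":
    for rec in weak_keys(SAMPLE):
        print("%s %s: %d-bit algo %d is below the recommended minimum" % rec)
```

Replace `weak_keys(SAMPLE)` with `scan_keyring()` to check a real keyring.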
