what are the sub keys

Robert J. Hansen rjh at sixdemonbag.org
Tue Mar 22 16:28:57 CET 2011


> I agree that 4096 may seem like overkill, but I think the recommendation
> to max out one's RSA key size is defensible. Here's why:

"Defensibility" really doesn't enter into it.  My purpose isn't to
persuade someone not to use a 4k key: my purpose is to suggest that people
think critically about why they want a 4k key and what they think it will
give them that a 2k key does not.

> I agree that an awful lot of fuss is made over key length, sometimes to
> the exclusion of other, much more likely attack vectors. However, until
> someone describes for me a compelling reason NOT to bump key length up
> to 4096, my view remains: "Why not?"

And this is where I part ways with you.  There is no reason not to bump
key length up to 4096.  There is also no reason not to use SHA512 with a
DSA-1k key, for instance.  Sure, only 160 bits of SHA512 will be used, but
that's not a reason not to use it.  It's not as if you're making the system
weaker.

IME, engineering starting from a base maxim of, "why not?", ultimately
leads to curious things that leave you scratching your head (like the
aforementioned, "why are you using SHA512 with DSA-1K?").  This is why I
would much rather start from a base maxim of, "why?"  I'd much rather be
accused of favoring minimalism than maximalism.




More information about the Gnupg-users mailing list