what are the sub keys

Lists.gnupg at mephisto.fastmail.net
Tue Mar 22 20:43:23 CET 2011


On Tue, Mar 22, 2011 at 08:28:57AM -0700 thus spoke Robert J. Hansen:
>
>IME, engineering starting from a base maxim of, "why not?", ultimately
>leads to curious things that leave you scratching your head (like the
>aforementioned, "why are you using SHA512 with DSA-1K?").  This is why I
>would much rather start from a base maxim of, "why?"  I'd much rather be
>accused of favoring minimalism than maximalism.
>

I agree that "Why Not?" by itself is not an argument in favor of doing
something, unless it is balanced by a "Why?" 

So, one can compare the pros and cons of using a longer key, with some
items ending up in the "Why do it" column, and some ending up in "Why not."

My point is that in the "Why use 4096-bit RSA?" column, we have a few
items, including a much longer lifetime for the key and encrypted data,
as factoring attacks get better in the future (they never get worse),
whereas in the "why not" column, we have--so far as I can see--nothing
(apart from special usage scenarios, as I exemplified above).

There is a greater margin of security in a 4096-bit key over a 2048-bit
key (all other factors being equal), even if it is only theoretical. 
Sure, there are other, more important security considerations; perhaps
not in spite of them, but because of them, one can say "Use the maximum
key length supported, and move on to more important considerations." 

-- 
"Chance favors the prepared mind."
                       --Louis Pasteur


