what are the sub keys

Lists.gnupg at mephisto.fastmail.net
Tue Mar 22 20:43:23 CET 2011

On Tue, Mar 22, 2011 at 08:28:57AM -0700 Also sprach Robert J. Hansen:
>IME, engineering starting from a base maxim of, "why not?", ultimately
>leads to curious things that leave you scratching your head (like the
>aforementioned, "why are you using SHA512 with DSA-1K?").  This is why I
>would much rather start from a base maxim of, "why?"  I'd much rather be
>accused of favoring minimalism than maximalism.

I agree that "Why Not?" by itself is not an argument in favor of doing
something, unless it is balanced by a "Why?" 

So, one can compare the pros and cons of using a longer key, with some
items ending up in the "Why do it" column, and some ending up in "Why not."

My point is that in the "Why use 4096-bit RSA?" column, we have a few
items, including a much longer lifetime for the key and encrypted data,
as factoring attacks get better in the future (they never get worse),
whereas in the "why not" column, we have--so far as I can see--nothing
(apart from special usage scenarios, as I exemplified above).

There is a greater margin of security in a 4096-bit key over a 2048-bit
key (all other factors being equal), even if it is only theoretical. 
Sure, there are other, more important security considerations; perhaps
not in spite of them, but because of them, one can say "Use the maximum
key length supported, and move on to more important considerations." 

"Chance favors the prepared mind."
                       --Louis Pasteur
