4096 bit keys

Ingo Klöcker kloecker at kde.org
Wed Mar 23 20:04:57 CET 2011

On Tuesday 22 March 2011, Jerome Baum wrote:
> Jonathan Ely <thajsta at gmail.com> writes:
> > I really wish 8192 would become available. Not that it would be the
> > end all/be all of key security but according to your theory it
> > sounds much more difficult to crack.
> Take that  a few steps further. Why  not use
> 99999999999999999999999-bit keys? Because they are much more
> difficult to compute. In fact if you go above a certain key size,
> since  IIRC the exponent e is standardized and thus limited, your
> discrete logarithm  is no longer discrete and so your key security
> just vanishes.
> In any  case, 4096 bits will  be secure for  some time to come,  and
> yes 8192 bits would be even more secure.  We can take that as far as
> we wish but  there are  limits in  the standard,  in compatibility, 
> and  in the current implementation.

Most importantly, there are limits to the size of keys current hardware 
(in particular all of those smart phone and tablet CPUs) can handle in 
finite time. You surely do not want to wait tens of seconds to verify a 
single RSA 8192 signature.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110323/193b2282/attachment.pgp>

More information about the Gnupg-users mailing list