1024 key with 2048 subkey: how affected?
Robert J. Hansen
rjh at sixdemonbag.org
Sun Jan 22 05:02:52 CET 2012
On 1/20/2012 3:15 PM, Chris Poole wrote:
> Since it's now recommended (to my knowledge) to use 2048-bit keys and
> above, how does having a 1024-bit keypair affect me?

It depends entirely on what you're doing with it. Breaking a 1024-bit
key is within the realm of possibility for a ridiculously well-funded
adversary. It hasn't been publicly demonstrated yet, but it's a matter
of time.

Over a decade ago, the state of the art was to break a 56-bit keyspace
in under 24 hours for $250,000. A 1024-bit key has about an 80-bit
keyspace, which is a factor of 16 million larger. Given the advances in
supercomputing in the last decade it is reasonable to believe 1024-bit
keys are either breakable now or will be in the near future, but only at
incredible cost.

If I was signing nuclear weapon authorization codes, I would not trust
1024-bit DSA. Nor would I trust it if I was signing a 30-year mortgage.

On the other hand, for most normal email usage 1024-bit crypto is still
plenty enough.
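
Added example, not part of the original post: to see which keys and subkeys in a keyring fall under the 2048-bit recommendation this thread discusses, the script below parses the colon-delimited listing printed by `gpg --list-keys --with-colons`. The sample listing, its key IDs and the function name `below_threshold` are constructed for illustration.

```python
# Added example: flag RSA/DSA/Elgamal keys and subkeys below a size threshold.
# Input is the text printed by `gpg --list-keys --with-colons`.

# OpenPGP public-key algorithm IDs (RFC 4880) whose size is a modulus length.
MODULUS_ALGOS = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELG-E", 17: "DSA", 20: "ELG"}

# Constructed sample: a 1024-bit DSA primary key with a 2048-bit Elgamal
# encryption subkey, plus an Ed25519 key that must not be size-compared.
SAMPLE_LISTING = """\
tru::1:1327190000:0:3:1:5
pub:u:1024:17:1111111111111111:1100000000:::u:::scESC:
uid:u::::1100000000::0000::Constructed User <user@example.invalid>:
sub:u:2048:16:2222222222222222:1100000000::::::e:
pub:u:255:22:3333333333333333:1500000000:::u:::scSC:
"""


def below_threshold(listing, min_bits=2048):
    """Return (record, keyid, algo, bits, capabilities) for each weak key."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub", "sec", "ssb"):
            continue  # uid, fpr, tru, sig records carry no key size
        fields += [""] * (12 - len(fields))  # tolerate short records
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed record: skip rather than guess
        name = MODULUS_ALGOS.get(algo)
        if name is None:
            continue  # ECC sizes are curve sizes, not comparable to a modulus
        if bits < min_bits:
            # Field 5 is the key ID, field 12 the capability letters.
            findings.append((fields[0], fields[4], name, bits, fields[11]))
    return findings


if __name__ == "__main__":
    for rec, keyid, name, bits, caps in below_threshold(SAMPLE_LISTING):
        print(f"{rec} {keyid}: {bits}-bit {name}, capabilities '{caps}'")
```

In the constructed sample the flagged record is the primary key, whose capability letters include signing and certification (`s`, `c`), while the 2048-bit subkey only encrypts (`e`).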