1024 key with 2048 subkey: how affected?

Robert J. Hansen rjh at sixdemonbag.org
Sun Jan 22 05:02:52 CET 2012

On 1/20/2012 3:15 PM, Chris Poole wrote:
> Since it's now recommended (to my knowledge) to use 2048-bit keys and
> above, how does having a 1024-bit keypair affect me?

It depends entirely on what you're doing with it.  Breaking a 1024-bit
key is within the realm of possibility for a ridiculously well-funded
adversary.  It hasn't been publicly demonstrated yet, but it's a matter
of time.

Over a decade ago, the state of the art was to break a 56-bit keyspace
in under 24 hours for $250,000.  A 1024-bit key has about an 80-bit
keyspace, which is a factor of 16 million larger.  Given the advances in
supercomputing in the last decade it is reasonable to believe 1024-bit
keys are either breakable now or will be in the near future, but only at
incredible cost.

If I was signing nuclear weapon authorization codes, I would not trust
1024-bit DSA.  Nor would I trust it if I was signing a 30-year mortgage.
 On the other hand, for most normal email usage 1024-bit crypto is still
plenty enough.

More information about the Gnupg-users mailing list