1024 key with 2048 subkey: how affected?

John Clizbe John at enigmail.net
Mon Jan 23 22:08:12 CET 2012

Chris Poole wrote:
> On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson
> <sandals at crustytoothpaste.net> wrote:
>> Because it's also used to sign other people's keys.  Using a very large
>> key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
>> be unusable.  You have to not only verify signatures on other keys but
>> also the signatures on the subkeys.
> That was what I hadn't thought about. Thanks for bringing it to my attention.

Just to point out an important data point on the key size front. To a degree,
larger keys are better. However, 4096-bit RSA keys are never going to be a


Depending on the source, a consensus seems to be forming that beyond a 2048
or 3072 bit modulus for DSA2 or RSA, folks need to switch to ECC.

Larger and larger RSA keys aren't the solution, ECC is. The balance of power has
tipped away from RSA and toward ECC.

Feel free to ignore everything I've said. There's no reason you should trust
me. But by all means, keep asking questions. But everything I've read agrees
larger and larger RSA keys are not the path forward.

John P. Clizbe                      Inet: John ( a ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

More information about the Gnupg-users mailing list