SSH Agent keys >4096 bit?

Werner Koch wk at
Fri May 4 21:24:07 CEST 2012

On Fri,  4 May 2012 20:54, ali at said:

> Might I point out that discussion is with respect to an 8k RSA SSH key
> for SSH authentication, not for email. A 2 second delay during the
> initialization of an SSH connection is not a problem.

The delay with SSH would even be longer.  Again, it is plain stupid to
assume that you can reach any security improvments on mobile phone (or
to a lttle lesser degree on servers) by increasing the key sizes.  The
security gain is bug bound and not bound to the key size.

> Find one with a better battery/more-efficient processor if these sorts
> of calculations would really be an issue, compared to the general
> radio use of the phone.

Radios are very well optimized.  CPUs also very energy efficient - but
only if they are idle.  On most smartphones you can already notice that
by playing a Vorbis file compared to playing a MP3 file; the latter use
the DSP (instead of the general purpose CPU) and will play a lot more
music before charging is required.  Right, you may gain a similar
battery life boost by using a crypto accelerator - however they are only
designed for 2048 bit and I don't know whether they are available on SoCs



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list