SSH Agent keys >4096 bit?

Peter Lebbing peter at
Sat May 5 12:08:58 CEST 2012

On 04/05/12 22:35, Milo wrote:
> You can't tell consumer or end-user that he can't use 256-bit, symmetric
> cipher for his (even!) porn stash because this is some kind of faux pas
> and he is iconoclast because of this. It's up to him.

Why should the GnuPG authors include a feature they don't believe in? If
it's in GnuPG official, it will need to be supported. What if there is
some bug that only rears its ugly head with 8k keys? They'll need to
spend more time on it, time better spent elsewhere.

And especially, why should they add something they simply don't believe in.

The use of 8k keys is bothersome to others. In the GnuPG case for
certifications and signatures, and in the SSH case for the owner of the
server you're logging in to and burning unnecesary CPU cycles.

> One more time - this is not up to you or software authors to decide
> what's the value behind encrypted data. Even if reason of encrypting it
> is silly.

I don't think it's up to you to decide that the GnuPG authors need to
officially support something they find silly.

And you seem to forget that when you use GnuPG with (for example) 4k
keys, the 4k key is simply not the weakest link! This has been said already.

It's an interesting take on things, that the GnuPG authors somehow think
your data must be invaluable, because they don't offer 8k RSA. If your
data is that valuable, keep it to yourself. Don't give even the
encrypted variant to your enemy. Because your formidable enemy will know
of a way to decrypt it without breaking your 8k key.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

More information about the Gnupg-users mailing list