Some people say longer keys are silly. I think they should be supported by gpg.

Sam Whited sam at samwhited.com
Mon May 28 23:53:03 CEST 2012


On Mon, May 28, 2012 at 12:27 PM, Benjamin Donnachie
<benjamin at py-soft.co.uk> wrote:
> On 22 May 2012 09:58, <tim.kachao at gmail.com> wrote:
>>
>> I think it should be okay to dredge up this topic every couple years. From
>> what I am reading, links below, I do not feel comfortable with the key
>> length and algorithmic security offered by GPG's defaults.
>
>
> Use this patch to increase the maximum keysize in gpg2 to 8192 when using
> the --expert option - intended for v2.0.17 but should be good for later
> versions too.

If you're going to add it to the --expert option it almost seems silly
to restrict it to 8192. Might as well pick an arbitrarily large number
since the point is to account for "silly" and/or experimental use
cases anyways.

2^32 should more than cover it (while we're being silly).
I read a paper a while back discussing key size in which they
generated extremely large keys on large clusters for some reason...
I'll have to see if I can dig it out.

—Sam

>
> --- g10/keygen.c        2011-01-15 16:32:30.000000000 +0000
> +++ g10/keygen.c        2011-01-15 16:32:42.000000000 +0000
> @@ -1774,7 +1774,7 @@
>  static unsigned
>  ask_keysize (int algo, unsigned int primary_keysize)
>  {
> -  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
> +  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=8192;
>    int for_subkey = !!primary_keysize;
>    int autocomp = 0;
>
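Review bot: the `max=8192` initializer in ask_keysize() is unconditional, while the accompanying message says the larger limit is meant to apply only with --expert; nothing in this hunk tests the expert setting. Suggest leaving 4096 as the initializer and raising `max` only when expert mode is active. The initializer is also shared by every `algo` passed to this function unless code outside the hunk overrides it, so it is worth confirming that 8192 is a valid upper bound for each algorithm that reaches this prompt. If the change goes in, the --expert documentation should mention the larger key size.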
>
>
> --expert
>
> Allow the user to do certain nonsensical or "silly" things like signing an
> expired or revoked key, or certain potentially incompatible things like
> generating unusual key types. This also disables certain warning messages
> about potentially incompatible actions. As the name implies, this option is
> for experts only. If you don't fully understand the implications of what it
> allows you to do, leave this off. --no-expert disables this option.
>
>
> It's generally accepted that a big key is a "silly thing" so seems perfect
> for inclusion in the expert option.
>
> Ben
>


-- 
Sam Whited
pub 4096R/EC2C9934

SamWhited.com
sam at samwhited.com
404.492.6008


