Some people say longer keys are silly. I think they should be supported by gpg.
sam at samwhited.com
Mon May 28 23:53:03 CEST 2012
On Mon, May 28, 2012 at 12:27 PM, Benjamin Donnachie
<benjamin at py-soft.co.uk> wrote:
> On 22 May 2012 09:58, <tim.kachao at gmail.com> wrote:
>> I think it should be okay to dredge up this topic ever couple years. From
>> what I am reading, links below, I do not feel comfortable with the key
>> length and algorithmic security offered by GPG's defaults.
> Use this patch to increase the maximum keysize in gpg2 to 8192 when using
> the --expert option - intended for v2.0.17 but should be good for later
> versions too.
If you're going to add it to the --expert option it almost seems silly
to restrict it to 8192. Might as well pick an arbitrarily large number
since the point is to account for "silly" and/or experimental use
2^32 should more than cover it (while we're being silly)
I read a paper a while back discussing key size in which they
generated extremely large keys on large clusters for some reason...
I'll have to see if I can dig it out.
> --- g10/keygen.c 2011-01-15 16:32:30.000000000 +0000
> +++ g10/keygen.c 2011-01-15 16:32:42.000000000 +0000
> @@ -1774,7 +1774,7 @@
> static unsigned
> ask_keysize (int algo, unsigned int primary_keysize)
> - unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
> + unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=8192;
> int for_subkey = !!primary_keysize;
> int autocomp = 0;
> Allow the user to do certain nonsensical or "silly" things like signing an
> expired or revoked key, or certain potentially incompatible things like
> generating unusual key types. This also disables certain warning messages
> about potentially incompatible actions. As the name implies, this option is
> for experts only. If you don't fully understand the implications of what it
> allows you to do, leave this off. --no-expert disables this option.
> It's generally accepted that a big key is a "silly thing" so seems perfect
> for inclusion in the expert option.
sam at samwhited.com
More information about the Gnupg-users