Recommended key size for life long key

Ingo Klöcker kloecker at kde.org
Sat Aug 31 19:41:33 CEST 2013


On Saturday 31 August 2013 11:46:31 Ole Tange wrote:
> The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-s
> ize recommends a key size of 1024 bits.
> 
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends that.
> 
> Why not recommend a key size that will not be broken for the rest of
> your natural life? (Assuming the acceleration of advances in key
> breaking remains the same as it has done historically, thus no attack
> is found that completely destroys the algorithm used).
> 
> I just generated a 10kbit RSA key. It took 10 minutes which is long to
> sit actively waiting, but not very long if you are made aware it will
> take this long and just leave it in the background while doing other
> work; and to me 10 minutes (or even 10 hours) is a tiny investment if
> that means that I do not lose the signatures on my key by changing
> key every 5 years.

Now try sending a message signed with this key to yourself. And then try 
verifying the signature on this message. And then imagine doing the same 
on a mobile phone with a processor that is 10 times slower than that of 
your PC. I'm pretty sure that this will make you realize that a 10kbit 
RSA key is a PITA for everybody, for you when you sign messages or other 
people's keys and for others when they need to verify your signatures.

Once you've realized this you might understand the recommendation in the 
FAQ. BTW, the FAQ recommends creating a 1024 bit DSA key; IIRC this is 
more or less equivalent to a 2048 bit RSA key.


Regards,
Ingo
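The cost Ingo describes can be measured directly. The following is an added benchmark, not code from the thread or from GnuPG: it times one RSA-style private-key operation (message^d mod n with a full-size d, as in signing) and one public-key operation (with e = 65537, as in verification) for several modulus sizes. It assumes a constructed random odd modulus of the requested size rather than a real RSA modulus, since modular-exponentiation cost depends only on operand sizes, so no prime generation is needed.

```python
import random
import time

# Constructed benchmark (added example, not from the mailing-list thread):
# time one RSA-style private-key operation (m^d mod n with a full-size d)
# and one public-key operation (s^e mod n with e = 65537) for several
# modulus sizes. The moduli are random odd numbers of the requested size,
# not products of two primes: modular-exponentiation cost depends only on
# the operand sizes, so this reproduces the sign/verify scaling without the
# slow prime generation the original poster timed. Real implementations
# speed up the private operation with the CRT (roughly 3-4x), which does
# not change how the cost grows with key size.

PUBLIC_EXPONENT = 65537


def _random_modulus(bits: int, rng: random.Random) -> int:
    """Random odd integer with exactly `bits` bits (stand-in for an RSA n)."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def time_modexp(base: int, exponent: int, modulus: int, repeats: int = 3) -> float:
    """Best-of-`repeats` wall-clock seconds for one pow(base, exponent, modulus)."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pow(base, exponent, modulus)
        best = min(best, time.perf_counter() - start)
    return best


def benchmark(sizes=(2048, 4096, 10240), seed: int = 1) -> dict:
    """Map each modulus size to (private_op_seconds, public_op_seconds)."""
    rng = random.Random(seed)
    results = {}
    for bits in sizes:
        n = _random_modulus(bits, rng)
        d = rng.getrandbits(bits - 1) | 1   # full-size private exponent (signing)
        m = rng.getrandbits(bits - 2)       # message representative, below n
        results[bits] = (time_modexp(m, d, n), time_modexp(m, PUBLIC_EXPONENT, n))
    return results


if __name__ == "__main__":
    for bits, (priv, pub) in benchmark().items():
        print(f"{bits:6d}-bit: private op {priv * 1000:8.1f} ms   "
              f"public op {pub * 1000:6.2f} ms")
```

Running it shows the private-key operation growing roughly with the cube of the modulus size, which is the part of a 10kbit key that hurts on a slow device.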