Recommended key size for life long key

Anthony Papillion anthony at cajuntechie.org
Sat Aug 31 22:27:48 CEST 2013


On 08/31/2013 04:46 AM, Ole Tange wrote:
> The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> recommends a key size of 1024 bits.
> 
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends that.
> 
> Why not recommend a key size that will not be broken for the rest
> of your natural life? (Assuming the acceleration of advances in
> key breaking remains the same as it has done historically, thus no
> attack is found that completely destroys the algorithm used).
> 
> I just generated a 10kbit RSA key. It took 10 minutes which is long
> to sit actively waiting, but not very long if you are made aware it
> will take this long and just leave it in the background while doing
> other work; and to me 10 minutes (or even 10 hours) is a tiny
> investment if that means that I do not lose the signatures on my
> key by changing key every 5 years.

Hi Ole,

There are other problems that need to be considered when creating a
'lifelong' extra large key.

First, you need to consider people on older hardware or mobile
devices. That 10k key might take 10 minutes to do anything with on
modern hardware. But do you think a mobile device will have the kind
of horsepower needed to use that key in any way? Probably not. That
may lock out a significant portion of your contacts from being able to
communicate with you.

Secondly, a long key length won't protect you if 1) an incredibly
efficient factoring algorithm is designed and used, 2) quantum
computers are used against your key, or 3) side channel attacks. In
all of those scenarios, large keys won't protect you at all.
Especially in side channel attacks or qc attacks.

Personally, I trust my 4096 bit key for now until ECC is integrated
into GnuPG. Then, I'll recreate my keys. Looking for a key that will
never be broken is like looking for the fountain of youth: it's a nice
idea but not realistic to plan your life around. Security is always
moving. You have to be prepared to move with it.

Regards,
Anthony

-- 
Anthony Papillion
XMPP/Jabber:  cypherpunk at patts.us
SIP:          17772471988 at callcentric.com
PGP Key:      0x53B04B15

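Added example, not part of the original message: a sketch that puts numbers on the key-size trade-off discussed in this thread by comparing estimated RSA strength with the relative cost of a private-key operation. It assumes the commonly used general number field sieve (GNFS) work estimate, the formula NIST's FIPS 140-2 implementation guidance uses, and times exponentiation on constructed random numbers rather than real keys; it says nothing about new factoring algorithms, quantum computers or side channels.

```python
import math
import secrets
import time


def gnfs_bits(modulus_bits):
    """Estimated symmetric-equivalent strength of an RSA modulus against GNFS."""
    ln_n = modulus_bits * math.log(2)
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)


def modexp_seconds(modulus_bits, repeats=3):
    """Best-of-N time for one full-size modular exponentiation (no CRT speed-up)."""
    top = 1 << (modulus_bits - 1)
    # Constructed sample values: a random odd number, NOT a real RSA modulus.
    # Exponentiation cost depends on operand size, not on the factorisation.
    n = secrets.randbits(modulus_bits) | top | 1
    d = secrets.randbits(modulus_bits) | top      # full-length stand-in exponent
    m = secrets.randbits(modulus_bits - 1)        # message representative below n
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pow(m, d, n)
        best = min(best, time.perf_counter() - start)
    return best


def compare(sizes=(1024, 2048, 4096, 10240)):
    """Return (key bits, estimated strength, cost relative to the first size)."""
    base = modexp_seconds(sizes[0])
    return [(bits, gnfs_bits(bits), modexp_seconds(bits) / base) for bits in sizes]


if __name__ == "__main__":
    for bits, strength, cost in compare():
        print(f"{bits:>6}-bit RSA  ~{strength:5.1f} bits of strength  "
              f"{cost:8.1f}x private-op time")
```

Estimated strength grows roughly with the cube root of the modulus length while the private-key operation grows roughly with its cube, so each added bit of strength costs more than the last.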


