Recommended key size for life long key
anthony at cajuntechie.org
Sat Aug 31 22:27:48 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 08/31/2013 04:46 AM, Ole Tange wrote:
> The FAQ
recommends a key size of 1024 bits.
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends that.
> Why not recommend a key size that will not be broken for the rest
> of your natural life? (Assuming the acceleration of advances in
> key breaking remains the same as it has done historically, thus no
> attack is found that completely destroys the algorithm used).
> I just generated a 10kbit RSA key. It took 10 minutes which is long
> to sit actively waiting, but not very long if you are made aware it
> will take this long and just leave it in the background while doing
> other work; and to me 10 minutes (or even 10 hours) is a tiny
> investment if that means that I do not loose the signatures on my
> key by changing key every 5 years.
There are other problems that need to be considered when creating a
'lifelong' extra large key.
First, you need to consider people on older hardware or mobile
devices. That 10k key might take 10 minutes to do anything with on
modern hardware. But do you think a mobile device will have the kind
of horsepower needed to use that key in any way? Probably not. That
may lock out a significant portion of your contacts from being able to
communicate with you.
Secondly, a long key length won't protect you if 1) an incredibly
efficient factoring algorithm is designed and used, 2) quantum
computers are used against your key, or 3) side channel attacks. In
all of those sceneries, large keys won't protect you at all.
Especially in side channel attacks or qc attacks.
Personally, I trust my 4096 bit key for now until ECC is integrated
into GnuPG. Then, I'll recreate my keys. Looking for a key that will
never be broken is like looking for the fountain of youth: it's a nice
idea but not realistic to plan your life around. Security is always
moving. You have to be prepared to move with it.
XMPP/Jabber: cypherpunk at patts.us
SIP: 17772471988 at callcentric.com
PGP Key: 0x53B04B15
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users