encryption algorithm

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 17 19:22:33 CET 2013

> (Definitely Godzilla) But why do people tell me that DH, DSA, and RSA
> under 2048 are unacceptable?

I have to let my cynicism shine through, unfortunately.

For the vast majority of the population, cryptographic technologies  
are a giant black box.  The popular view is that it's something only  
accessible to really blindingly smart people, and that these people  
know better than you.  As a result, there is never a shortage of  
people who read a few web pages, come to a vague understanding of  
things, declare themselves to be experts, and then preach doom and  
gloom if you ever even think of violating their recommendations --  
because, after all, they're *experts*.

Charlatanry is so commonplace in the crypto world there's even a FAQ  
entry for it.

With respect to 2048-bit crypto, don't believe the hype.  Most users  
and most purposes will still be well-served with even a 1024-bit key.   
No one with half a brain is going to bother trying to break RSA-1024;  
they will instead come up with more effective ways of recovering your  

But there are some people and some users who have a true need for  
long-term security in their messages.  The current recommendations of  
NIST, ENISA, RSADSI and others is that RSA-2048 will be safe for the  
next thirty years.  This is long-term security; as such, 2048-bit  
crypto is generally a good recommendation.  Further, 2048-bit keys are  
small enough that they may be used in smart cards, mobile devices and  
embedded markets.  Basically, RSA-2048 hits the sweet spot.

But don't believe people who preach doom and gloom if you use  
RSA-1024.  Although it's not sufficient for long-term security, it's  
plenty sufficient to dissuade anyone who doesn't have the resources of  
a First World government behind them.  If you're worried about someone  
at your ISP reading your email to your girlfriend, RSA-1024 will do  
the job just fine.  If you're worried about the Russian FSB reading  
your Vladimir Putin slashfiction that you're sending to people in  
Russia, you might want to use RSA-2048.  :)

> How can I find whats on my list?

Werner has already given you the default list.  It starts with AES-256.

More information about the Gnupg-users mailing list