2048 or 4096 for new keys? aka defaults vs. Debian
pete at heypete.com
Fri Oct 25 23:33:14 CEST 2013
On Fri, Oct 25, 2013 at 2:19 AM, Christoph Anton Mitterer
<christoph.anton.mitterer at lmu.de> wrote:
> On Thu, 2013-10-24 at 21:05 +0200, Sylvain wrote:
>> Is this zealotry on the Debian front, or something to update in gnupg?
> As they write,... they don't see a specific (i.e. technical or
> performance) reason not to do so.
> Some people may argue that 2048 is secure enough for many many years to
> come. Similar things have been said for 1024 not so many years ago.
> And especially under the light of the NSA/friends scandal,... why using
> less when you have no strong reasons to do so?
In my particular case, I mainly use GnuPG with emails and RSA
signatures tend to be quite large and unwieldy for non-GnuPG-using
users, mailing lists, etc. when one uses 4096-bit keys. As a
compromise, I use a 4096-bit primary key (used only for certifying
keys) and 2048-bit subkeys for encryption and signing, thus keeping
signature sizes a bit more manageable. This also lets me periodically
rotate subkeys as needed.
For Debian devs, the signatures are (mostly?) used for package signing
and so an extra few hundred bytes isn't really a big deal as it's rare
for anyone to actually see the signature itself as it's processed
automatically by the package manager. In their case, there's no
specific reason to *not* use 4096-bit keys.
It all depends on your use case, I suppose.
More information about the Gnupg-users