2048 or 4096 for new keys? aka defaults vs. Debian

Sylvain beuc at beuc.net
Sat Oct 26 11:35:25 CEST 2013


Hi and thanks for your answers,

Would it be a good idea to update the FAQ in this regard?
http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
-> "1024 bit for DSA signatures; even for plain Elgamal signatures."

Also,
On Fri, Oct 25, 2013 at 02:19:08AM +0200, Christoph Anton Mitterer wrote:
> Some people may argue that 2048 is secure enough for many many years to
> come. Similar things have been said for 1024 not so many years ago.
> 
> And especially in light of the NSA/friends scandal,... why use
> less when you have no strong reasons to do so?

Well, I've heard that in security, more bits isn't necessarily more
secure, depending on the algorithm.

Plus, following this principle, why doesn't GnuPG default to 4096 if
there isn't any reason not to? I would suppose that if GnuPG defaults
to 2048, the devs have a good reason to.

Cheers!
Sylvain


