2048 or 4096 for new keys? aka defaults vs. Debian

Robert J. Hansen rjh at sixdemonbag.org
Sat Oct 26 16:30:22 CEST 2013

On 10/25/2013 5:45 PM, Johan Wevers wrote:
> The authority of NIST is of course severely reduced since the
> Snowden revelations and their own suspicious behaviour with the Dual

*To you* they're severely reduced.  Please don't presume to make ex
cathedra statements for the rest of the world.  While I agree that NIST
is certainly not looking good, I'm not going to go so far as to say
their authority or credibility is "severely reduced."

Further, this statement of NIST's is backed by RSA Data Security, which
has issued recommendations that are in much the same line, and various
other consortiums as well.

> Further, if they expect it to be secure for only 25 years, that is 
> sufficient for people to upgrade if they expect to remain alive over
> 25 years

Not even intelligence agencies expect to keep things secret past 25
years.  If you're doing something that must remain secret for more than
25 years, I would recommend thinking about whether you should be doing
those things in the first place.

More information about the Gnupg-users mailing list