2048 or 4096 for new keys? aka defaults vs. Debian [doc patch]
beuc at beuc.net
Sat Oct 26 21:40:09 CEST 2013
On Sat, Oct 26, 2013 at 02:13:15PM +0200, Werner Koch wrote:
> Instead of discussing these numbers the time could be much better use to
> audit the used software (firmware, OS, libs, apps).
Thanks for your answer. To foster spending less time on these
discussions, how about this? :)
--- faq.org.orig 2013-10-26 21:37:35.500209973 +0200
+++ faq.org 2013-10-26 21:37:25.340945491 +0200
@@ -244,22 +244,27 @@
- 1024 bit for DSA signatures; even for plain Elgamal signatures.
- This is sufficient as the size of the hash is probably the weakest
- link if the key size is larger than 1024 bits. Encryption keys may
- have greater sizes, but you should then check the fingerprint of
- this key:
+ GnuPG comes with a default recommended preset, which 2048 bits
+ primary RSA key as of 2013.
- : $ gpg --fingerprint <user ID>
+ There are regularly discussions about using 4096 primary RSA keys.
+ Well, there is no benefit of overly large keys on average
+ computers. After all the goal is not to have large key but to
+ protect something. Now, if you want to protect something you need
+ to think like the attacker - what will an attacker do to get the
+ plaintext (or fake a signature)? Spend millions on breaking a few
+ 2k keys (assuming this is at all possible within the next decade)
+ or buy/develop/use a zero-day exploit?
- As for the key algorithms, you should stick with the default (i.e.,
- DSA signature and Elgamal encryption). An Elgamal signing key has
- the following disadvantages: the signature is larger, it is hard
- to create such a key useful for signatures which can withstand some
- real world attacks, you don't get any extra security compared to
- DSA, and there might be compatibility problems with certain PGP
- versions. It has only been introduced because at the time it was
- not clear whether there was a patent on DSA.
+ Also, 4096 keys have a few inconveniences: they increase the size
+ of the signatures and thus make the keyrings longer and, worse,
+ computing the web of trust takes much longer - not on your high
+ end desktop machine but on old laptops, and phones where it drains
+ the battery faster.
+ Instead of discussing these numbers the time could be much better
+ use to audit the used software (firmware, OS, libs, apps), which
+ often are the weak link of the security chain.
** Why does it sometimes take so long to create keys?
More information about the Gnupg-users