2048 or 4096 for new keys? aka defaults vs. Debian

Robert J. Hansen rjh at sixdemonbag.org
Sun Oct 27 01:09:08 CEST 2013

On 10/26/2013 5:44 PM, Christoph Anton Mitterer wrote:
> Well with that "argument" you can always defeat any crypto... a "real
> attacker" will not care whether you use 786 bit RSA keys or 16k bit
> keys... he comes for you and tortures you until you happily give him
> anything he wants...

The name of the game is economics.  How much is the secret worth?  If
it's worth $50,000 of computer equipment and cryptanalysis, then it's
also worth a $50,000 bribe, a $50,000 payment to a professional thief to
break in and plant keyloggers, $50,000 in hookers and blow, $50,000 of...

Note that I'm not disagreeing with Christoph.  I'm only pointing out the
world is a big place and there are a *lot* of ways to acquire secrets,
not just "break the crypto" and "break the kneecap".

More information about the Gnupg-users mailing list