2048 or 4096 for new keys? aka defaults vs. Debian [doc patch]
beuc at beuc.net
Sun Oct 27 08:26:43 CET 2013
On Sat, Oct 26, 2013 at 06:29:26PM -0400, Robert J. Hansen wrote:
> On 10/26/2013 3:40 PM, Sylvain wrote:
> > Thanks for your answer. To foster spending less time on these
> > discussions, how about this? :)
> Hi! I'm the quasi-official FAQ maintainer. You can read the current
> text of the FAQ at:
> Excerpting from it:
> Q: How large should my key be?
> A: The overwhelming majority of users will be well-served
> by generating 2048-bit RSA keys. This is the default
> behavior for GnuPG.
> Although we appreciate your patch for the FAQ, it would probably be
> better to submit a patch against the in-development FAQ as opposed to
> the old one, which is no longer being maintained. :)
Since it's the 3rd or 4th format of the FAQ that I come accross in the
past 24h, I'm just giving the full text, adapt it however you like :)
GnuPG comes with a default recommended preset, which 2048 bits
primary RSA key as of 2013.
There are regularly discussions about using 4096 primary RSA keys.
Well, there is no benefit of overly large keys on average
computers. After all the goal is not to have large key but to
protect something. Now, if you want to protect something you need
to think like the attacker - what will an attacker do to get the
plaintext (or fake a signature)? Spend millions on breaking a few
2k keys (assuming this is at all possible within the next decade)
or buy/develop/use a zero-day exploit?
Also, 4096 keys have a few inconveniences: they increase the size
of the signatures and thus make the keyrings longer and, worse,
computing the web of trust takes much longer - not on your high
end desktop machine but on old laptops, and phones where it drains
the battery faster.
Instead of discussing these numbers the time could be much better
use to audit the used software (firmware, OS, libs, apps), which
often are the weak link of the security chain.
More information about the Gnupg-users