2048 or 4096 for new keys? aka defaults vs. Debian

Peter Lebbing peter at digitalbrains.com
Sun Oct 27 13:11:16 CET 2013

> Yes, which leads to another question: why has the default switched from
> ElGamal/DSA to RSA after the RSA patent expired?

Okay, first of all, I'm doing something wrong here, I should group my responses
and think a little longer about it. This is mail, not chat. My apologies.

I think RSA has seen more cryptanalysis than DSA and ElGamal, which is in favour
of RSA.

Also, RSA allows hashes other than SHA-1, whereas with DSA you need to switch to
DSA2. So to get support for other hashes, a switch would be necessary anyway,
and fewer applications supported DSA2 at the time, I believe.

A signature by a 2048-bit DSA key is twice as large as a signature by a 2048-bit
RSA key, but offers the same order of strength.

I think there were discussions about this on the mailing list around the time of
the switch as well, so you could browse through that. Other than that, obviously
only the people who made the switch can tell you exactly why they did that. My
guess is, Werner commented on that when there were discussions here around the
time GnuPG switched from DSA/ElGamal to RSA.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
