2048 or 4096 for new keys? aka defaults vs. Debian
Werner Koch
wk at gnupg.org
Sun Oct 27 20:41:19 CET 2013
On Sun, 27 Oct 2013 17:47, gnupg at oneiroi.net said:
> Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us? Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA keys, and one 8k RSA key. For
security reasons key signature chaching has been disabled
(--no-sig-cache) because you obviously can't accept that in this high
security theater. Run encryption+signature tests for 2 recipienst out
of the set of these 100 keys.
Compare that do a set of 2k keys with only one 4k key.
Run these tests again on an average netbook.
Shalom-Salam,
Werner
p.s.
Once I did tests with off-the self smartcards. Signing a mail with 1k
RSA key using these smartcards took more than one second - it was barely
unusable for every days mail processing. Only when we moved to our own
smartcards (the old AVR based 1k RSA keys) using a smartcards was
actually usable (<100ms). You don't want to wait 10 seconds to decrypt
a thread of 10 mails just to notice that it was only CCed office
chitchat.
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list