2048 or 4096 for new keys? aka defaults vs. Debian

Filip M. Nowak gnupg at oneiroi.net
Sun Oct 27 21:28:30 CET 2013


On 10/27/2013 08:41 PM, Werner Koch wrote:
> On Sun, 27 Oct 2013 17:47, gnupg at oneiroi.net said:
>> Numbers please? Or are you talking about personal/subjective impressions?
> What about you running some benchmarks for us?  Let's say: a 4k RSA key
> signed by 90 other 4k RSA keys, 8 2k RSA keys, and one 8k RSA key.  For
> security reasons key signature chaching has been disabled
> (--no-sig-cache) because you obviously can't accept that in this high
> security theater.  Run encryption+signature tests for 2 recipienst out
> of the set of these 100 keys.

Constructive request; from OS perspective I would rather separate user
which is requesting signature verification from keyring owner so I don't
think that --no-sig-cache is only reasonable option in case of "high
security theater" (this makes setup or creation of a proper service more
cumbersome but still - it's possible). Actually it's hard to call setup
in which one user runs MUA or web browser and owns keyring a "high
security theater".

> Compare that do a set of 2k keys with only one 4k key.
> Run these tests again on an average netbook.

Suggested specs?

> (...)
> p.s.
> Once I did tests with off-the self smartcards.  Signing a mail with 1k
> RSA key using these smartcards took more than one second - it was barely
> unusable for every days mail processing.  Only when we moved to our own
> smartcards (the old AVR based 1k RSA keys) using a smartcards was
> actually usable (<100ms).  You don't want to wait 10 seconds to decrypt
> a thread of 10 mails just to notice that it was only CCed office
> chitchat.

I don't think 1 second threshold is real no-go here. I would say you
have quite high requirements. Also some MUAs can contribute to such
delays visibly - but I don't know to which part of this setup you
hooked-up to measure.


More information about the Gnupg-users mailing list