2048 or 4096 for new keys? aka defaults vs. Debian

Mark Schneider ms at it-infrastrukturen.org
Sun Oct 27 21:21:00 CET 2013


Am 27.10.2013 20:41, schrieb Werner Koch:
> On Sun, 27 Oct 2013 17:47, gnupg at oneiroi.net said:
>
>> Numbers please? Or are you talking about personal/subjective impressions?
> What about you running some benchmarks for us?  Let's say: a 4k RSA key
> signed by 90 other 4k RSA keys, 8 2k RSA keys, and one 8k RSA key.  For
> security reasons key signature caching has been disabled
> (--no-sig-cache) because you obviously can't accept that in this high
> security theater.  Run encryption+signature tests for 2 recipients out
> of the set of these 100 keys.
>
> Compare that to a set of 2k keys with only one 4k key.
>
> Run these tests again on an average netbook.
Are there formal reasons why the max length of the RSA key is limited in 
gnupg[2] linux packages to 4096 Bits only?

One thing is the available performance and sane defaults, the other one 
is the available security
(without patching the source code and rebuilding packages).

The max length of the key does not have anything to do with zero-exploits.
When collecting tons of data there is only this data .. nothing else to 
break in.

I don't trust NIST myself and I guess most of you know why.
The question is if similar institutions in Europe, Asia, Africa or 
Australia can be trusted more.

> Shalom-Salam,
>
>     Werner
>
>
> p.s.
> Once I did tests with off-the-shelf smartcards.  Signing a mail with 1k
> RSA key using these smartcards took more than one second - it was barely
> unusable for everyday mail processing.  Only when we moved to our own
> smartcards (the old AVR based 1k RSA keys) using a smartcards was
> actually usable (<100ms).  You don't want to wait 10 seconds to decrypt
> a thread of 10 mails just to notice that it was only CCed office
> chitchat.

Kind regards, Mark

-- 
ms at it-infrastrukturen.org

http://rsync.it-infrastrukturen.org
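A small benchmark in the spirit of the one Werner asks for above, added here as an example (it is not code from the thread or from GnuPG): it uses Go's crypto/rsa to time PKCS#1 v1.5 sign and verify operations for 2048- and 4096-bit keys, then extrapolates what re-checking 90 certifications on one key costs when signature caching is off. The key sizes, iteration count and the signed message are constructed assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// BenchRSA generates a fresh RSA key of the given size and returns the mean time of
// iters PKCS#1 v1.5 sign and verify operations over a constructed SHA-256 digest.
func BenchRSA(bits, iters int) (sign, verify time.Duration, err error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return 0, 0, err
	}
	digest := sha256.Sum256([]byte("constructed benchmark message")) // constructed input
	var sig []byte
	start := time.Now()
	for i := 0; i < iters; i++ {
		if sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]); err != nil {
			return 0, 0, err
		}
	}
	sign = time.Since(start) / time.Duration(iters)
	start = time.Now()
	for i := 0; i < iters; i++ {
		if err = rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], sig); err != nil {
			return 0, 0, err
		}
	}
	return sign, time.Since(start) / time.Duration(iters), nil
}

// KeyringVerifyCost is the time to re-check nSigs certifications on one key when
// signature caching is off (--no-sig-cache), so every verification is paid again.
func KeyringVerifyCost(verify time.Duration, nSigs int) time.Duration {
	return verify * time.Duration(nSigs)
}

func main() {
	for _, bits := range []int{2048, 4096} {
		sign, verify, err := BenchRSA(bits, 20)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%d-bit: sign %v, verify %v, 90 uncached certs %v\n", bits, sign, verify, KeyringVerifyCost(verify, 90))
	}
}
```

Key generation dominates the run time, so the interesting numbers are the per-operation sign and verify means; on typical hardware 4096-bit signing is several times slower than 2048-bit.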