2048 or 4096 for new keys? aka defaults vs. Debian

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 31 21:31:02 CET 2013

On Thu 2013-10-24 15:05:45 -0400, Sylvain wrote:
> I saw a lot of activity in the Debian project about upgrading to a
> 4096 RSA key,
> e.g. http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html
> However GnuPG's default is 2048.

ENISA (the European Union Agency for Network and Information Security)
recently issued a report recommending that non-legacy systems using RSA
start with keys that are >= 3072 bits (see page 30 of the PDF):


Clearly, any OpenPGP implementation needs to deal with legacy systems,
so being able to interact with older, shorter keys is a necessity.  But
the authors of that report do seem to suggest that the default for RSA
keys should be 3072 bits going forward (though they don't mention
OpenPGP explicitly at all).

The fact that the report comes from a fancy governmental web site
doesn't mean it's correct, of course.  I'm just offering it as a data
point in the discussion :)
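As an added example (not part of dkg's post or of GnuPG itself): a check that parses the machine-readable `gpg --with-colons --list-keys` output and flags RSA keys and subkeys below the 3072-bit floor the ENISA report recommends, so an administrator can see which keys in a keyring predate that guidance. The keyring output embedded below is constructed and its key IDs are placeholders.

```python
# Flags RSA keys in a GnuPG keyring that fall short of a bit-length floor,
# by parsing the machine-readable output of `gpg --with-colons --list-keys`.
import subprocess

RSA_ALGOS = {1, 2, 3}       # OpenPGP algorithm ids: RSA, RSA-E, RSA-S
ENISA_MIN_RSA_BITS = 3072   # floor the ENISA report recommends for new RSA keys

# Constructed --with-colons output (key IDs are placeholders): a 2048-bit key
# with a 2048-bit subkey, a 4096-bit key, and a 1024-bit DSA key (not RSA).
SAMPLE_COLONS = """\
tr:o:0:1383000000:0:3:1:5
pub:u:2048:1:0000000000000001:1288000000::u:::scESC::::::
uid:u::::1288000000::0000000000000000000000000000000000000001::Alice (constructed) <alice@example.org>::::::::::0:
sub:u:2048:1:0000000000000002:1288000000::::::e::::::
pub:u:4096:1:0000000000000003:1383000000::u:::scESC::::::
uid:u::::1383000000::0000000000000000000000000000000000000002::Bob (constructed) <bob@example.org>::::::::::0:
sub:u:4096:1:0000000000000004:1383000000::::::e::::::
pub:-:1024:17:0000000000000005:1100000000::-:::scESC::::::
uid:-::::1100000000::0000000000000000000000000000000000000003::Carol (constructed) <carol@example.org>::::::::::0:
"""

def weak_rsa_keys(colons_output, min_bits=ENISA_MIN_RSA_BITS):
    """Return [(record_type, keyid, bits)] for RSA keys/subkeys below min_bits."""
    weak = []
    for line in colons_output.splitlines():
        fields = line.split(":")
        # Field layout (gnupg doc/DETAILS): 1=record type, 3=key length,
        # 4=public-key algorithm, 5=key ID. Only pub/sub/sec/ssb carry keys.
        if len(fields) < 5 or fields[0] not in ("pub", "sub", "sec", "ssb"):
            continue
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue
        if algo in RSA_ALGOS and bits < min_bits:
            weak.append((fields[0], fields[4], bits))
    return weak

def scan_keyring(secret=False, min_bits=ENISA_MIN_RSA_BITS):
    """Scan the live keyring (needs gpg on PATH); secret=True checks own keys."""
    cmd = ["gpg", "--batch", "--with-colons",
           "--list-secret-keys" if secret else "--list-keys"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return weak_rsa_keys(out, min_bits)

if __name__ == "__main__":
    for rtype, keyid, bits in weak_rsa_keys(SAMPLE_COLONS):
        print(f"{rtype} {keyid}: RSA-{bits} is below {ENISA_MIN_RSA_BITS} bits")
```

Running `scan_keyring()` against a real keyring reports only RSA material; DSA and elliptic-curve keys are left alone because the ENISA figure quoted above is specific to RSA.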
