Recommended key size for life long key
Robert J. Hansen
rjh at sixdemonbag.org
Sun Sep 1 02:43:15 CEST 2013
On 08/31/2013 05:46 AM, Ole Tange wrote:
> The FAQ http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> recommends a key size of 1024 bits.
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG recommends that.
It shouldn't; NIST recommends 2048 bits for 20 years of security.
NIST notably makes no recommendations past 20 years, as they are deeply
skeptical of their ability to forecast out that far. I suspect your
ability is no greater than theirs is, so I'd be very careful about
declaring a 10K key to be greater than your natural lifespan.
Per NIST, a 2048-bit key is of comparable difficulty to breaking 3DES.
Given the tremendous level of confidence people have in the long-term
suitability of 3DES, I am convinced a 2048-bit key will outlast my
ability to remember the passphrase to it.
More information about the Gnupg-users