Recommended key size for life long key

Josef Schneider josef at netpage.dk
Sun Sep 1 13:12:20 CEST 2013


I just use 4096 bit because that is the biggest size my OpenPGP Cards can
handle.  In my opinion using a smart card instead of online keys increase
security far more than strange large key sizes!
I also see no point using less than 4096 because modern hardware is fast
enough. Maybe my keys last longer that way.
Am 01.09.2013 02:43 schrieb "Robert J. Hansen" <rjh at sixdemonbag.org>:

> On 08/31/2013 05:46 AM, Ole Tange wrote:
> > The FAQ
> http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
> > recommends a key size of 1024 bits.
> >
> > Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG
> recommends that.
>
> It shouldn't; NIST recommends 2048 bits for 20 years of security.
>
> NIST notably makes no recommendations past 20 years, as they are deeply
> skeptical of their ability to forecast out that far.  I suspect your
> ability is no greater than theirs is, so I'd be very careful about
> declaring a 10K key to be greater than your natural lifespan.
>
> Per NIST, a 2048-bit key is of comparable difficulty to breaking 3DES.
> Given the tremendous level of confidence people have in the long-term
> suitability of 3DES, I am convinced a 2048-bit key will outlast my
> ability to remember the passphrase to it.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130901/ab84be73/attachment.html>


More information about the Gnupg-users mailing list