Recommended key size for life long key

Ole Tange tange at
Sun Sep 8 10:32:50 CEST 2013

On Sun, Sep 8, 2013 at 1:53 AM, Robert J. Hansen <rjh at> wrote:
> On 9/7/2013 5:35 PM, Ole Tange wrote:
>> Feel free to let me know if you feel I have left out important concerns.
> You're projecting 87 years into the future.  Why should we have any
> confidence in your analysis?

The short answer: You do not have to trust projection to use the other
findings. If you have a better projection, use that instead.

The projection is based on but I
think you are completely missing the point: The projection is not some
sort of guarantee that 10kbit keys will not be broken before 2100
(which is stressed by using the phrase 'It should be stressed that
this is only a guess'), but simply to give an estimate on what key
size we cannot given our knowledge _today_ say will be broken for
sure. Even if the guess proves to be wrong it will still be better than 4kbit
which seems fairly likely to be broken by 2100 (at least if no attack
is found that renders RSA completely useless). If you can come with a
better supported guess for the key length, that would be great.

Based on the guess that 10kbit has the potential of not being broken
within a person's life span: What problems would you experience if you
chose to use a 10kbit key today instead of a 4kbit key (which seems to
be the common choice - but which we are fairly certain will be broken
before 2100)? THIS (i.e. the problems by using 10kbit today instead of
4kbit) being the focus of the document.

So if you are focusing on the projection of the key size, help me
rephrase the text so you do not focus on that, because that has never
been the intended focus of the document.

> There are a large number of other errors in your write-up, but those two
> questions above are the most critical shortcomings.

Having now addressed that question, please elaborate what other errors you find.


More information about the Gnupg-users mailing list