Recommended key size for life long key
ekleog at gmail.com
Mon Sep 9 00:54:28 CEST 2013
On Sun, Sep 08, 2013 at 06:29:01PM -0400, Robert J. Hansen wrote:
> A factor of 125 is so small as to be irrelevant.
Well... If factoring takes a month, with the factor of 125, it takes ten years.
Seems not that irrelevant to me.
Of course, this is made using completely made up numbers, as I do not at all
know how fast QC will be able to do the factoring.
> The real obstacle is that Shor's algorithm requires 2n qubits to be
> formed in an ensemble, so you'd be going from requiring a 4k quantum
> computer to a 20k quantum computer. Given decoherence, that might
> amount to a much more insurmountable obstacle. Still, my money is on QC.
Strangely enough, I would have thought 4k qubits would be quite a huge need,
thus meaning we would have overcome the major problems with decoherence.
But, again, not being a quantum physicist, I cannot be relied upon on that
> The problem is the exact same thing can be said for RSA-2048. RSA-2048
> is expected to last at least the next 25 years; it may last for the next
> century. Hard to say. Depends a lot on the progression of science
> fiction level technologies, like quantum computation. And again, anyone
> trying to predict out past about 25 years needs to explain why they are
> able to do this where NIST, RSA Data Security, and so many others have
> failed to be able to do this.
You are right, we do not know whether RSA-2048 will hold or not. The only point
I was saying was that RSA-10k will quite likely (even more likely than NIST's
predictions, IMHO) resist at least as long as RSA-2048.
That said, everything is a matter of preference. The only reason I would see for
using a 10k key would be in order to encrypt or sign documents that should be
valid for years -- more years than what we are able to forecast. Because,
unfortunately (or not, depending on the viewpoint), cryptanalysis is
That said, cheers !
More information about the Gnupg-users