Problems using 10kbit keys in GnuPG instead of 4kbit keys
wk at gnupg.org
Tue Sep 10 11:07:12 CEST 2013
On Mon, 9 Sep 2013 21:41, pete at heypete.com said:
> Werner would change the hard-coded maximum keysize from the current
> 4096 to, say 8192 (or 15,360 or 16,384) bits so that users who desired
As of now I see no reason at all to lift this limit. It is there for a
good reason, namely making crypto accessible to all people.
There are several problems with overlong encryption keys, to name just
- If you use an 8k encryption key you should also use an 8k primary
  certification key because that is the key which is used to keep the
  parts of an OpenPGP keyblob together. Without that it is easy to
  slip in another encryption key. Now, 8k RSA signatures are a pain in
  the registers. It takes too long to verify the hundreds of
  signatures people have on their keyrings - even on fast machines.
- Some MUAs decrypt messages on the fly while you are browsing through
  all the new mails - if that takes too long due to the many 8k keys,
  it makes the MUA unusable.
But thank you, Ole, that you trust our coding capabilities more than the
strong math of a 2K RSA key. I am not sure whether this is justified,
Thoughts are free. Exceptions are regulated by a federal law.