FAQ change, final draft

Werner Koch wk at gnupg.org
Thu Aug 14 09:32:34 CEST 2014

On Mon, 11 Aug 2014 19:18, rjh at sixdemonbag.org said:

> visibility/feedback.  If the community approves, I'll be submitting
> this to Werner for inclusion into the FAQ.

Okay, to update the FAQ?

Q: Why does GnuPG default to 2048-bit RSA?
A: At the time the decision was made, 2048-bit RSA was thought to
   provide reasonable security for the next decade or more while still
   being compatible with the overwhelming majority of the OpenPGP

Q: Is that still the case?
A: Largely, yes.  According to NIST Special Publication 800-57,
   published in July 2012, 2048-bit RSA is believed safe until 2030.
   At present, no reputable cryptographer or research group has cast
   doubt on the safety of RSA-2048.  That said, many are suggesting
   shifting to larger keys, and GnuPG will be making such a shift in
   the near future.

Q: What do other groups have to say about 2048-bit RSA?
A: In 2014, the German Bundesnetzagentur fuer Elektrizitaet, Gas,
   Telekommunikation, Post und Eisenbahnen recommended using RSA-2048
   for long-term security in electronic signatures.

   In 2012, ECRYPT-II published their "Yearly Report on Algorithms
   and Keysizes" wherein they expressed their belief RSA-1776 will
   suffice until at least 2020, and RSA-2432 until 2030.

   In 2010, France's Agence Nationale de la Securite des Systems
   d'Information stated they had confidence in RSA-2048 until at
   least 2020.

Q: Is there a general recommendation that 3072-bit keys be used for
   new applications?
A: No, although some respected people and groups within the
   cryptographic community have made such recommendations.  Some
   even recommend 4096-bit keys.

Q: Will GnuPG ever support RSA-3072 or RSA-4096 by default?
A: Probably not.  The future is elliptic-curve cryptography,
   which will bring a level of safety comparable to RSA-16384.
   Every minute we spend arguing about whether we should change
   the defaults to RSA-3072 or more is one minute the shift to
   ECC is delayed.  Frankly, we think ECC is a really good idea
   and we'd like to see it deployed as soon as humanly possible.

Q: I think I need larger key sizes.
A: By all means, feel free to generate certificates with larger keys.
   GnuPG supports up to 4096-bit keys.

Thoughts are free.  Exceptions are regulated by a federal law.
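As an added worked example (not part of the message above and not GnuPG
project code), the following Python puts numbers behind the key-size
comparisons in the FAQ draft.  It uses the general-number-field-sieve
cost estimate from FIPS 140-2 Implementation Guidance 7.5, the formula
behind the strength tables in NIST SP 800-57 and SP 800-56B, to estimate
the security strength of the RSA sizes the draft mentions (including
ECRYPT-II's RSA-1776 and RSA-2432), and then inverts it to find the RSA
modulus size that matches a given elliptic curve.  Assumptions made
here: an elliptic curve over an n-bit field is taken to give n/2 bits of
strength (the generic-group / Pollard rho bound), and the curve list
(Curve25519, P-256, P-521) is the author's choice, not the page's.  Note
that the formula returns a real number, which NIST then rounds to a
level; for RSA-2048 it gives about 110, reported as 112 in SP 800-57.

```python
import math

LN2 = math.log(2)


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated security strength (in bits) of an RSA modulus.

    Uses the GNFS cost estimate from FIPS 140-2 Implementation Guidance
    7.5 (the same estimate behind NIST SP 800-57's key-size table):

        strength = (1.923 * cbrt(ln n * (ln ln n)^2) - 4.69) / ln 2

    with ln n approximated as modulus_bits * ln 2.  The result is a real
    number; NIST rounds it to one of the 80/112/128/192/256 levels.
    """
    ln_n = modulus_bits * LN2
    work = 1.923 * (ln_n * math.log(ln_n) ** 2) ** (1.0 / 3.0) - 4.69
    return work / LN2


def ecc_strength_bits(field_bits: int) -> float:
    """Assumed generic-group (Pollard rho) bound: half the field size."""
    return field_bits / 2.0


def rsa_equivalent_of_ecc(field_bits: int, lo: int = 512, hi: int = 1 << 16) -> int:
    """Smallest RSA modulus size whose estimated strength reaches that of an
    elliptic curve over a field_bits-bit field.  Binary search is valid
    because rsa_strength_bits grows monotonically with modulus size."""
    target = ecc_strength_bits(field_bits)
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


def key_size_report(rsa_sizes=(1024, 1776, 2048, 2432, 3072, 4096, 15360),
                    curves=((255, "Curve25519"), (256, "NIST P-256"),
                            (521, "NIST P-521"))):
    """Rows of (label, estimated strength) for the RSA sizes named in the
    FAQ draft plus a few curves chosen for this example."""
    rows = []
    for bits in rsa_sizes:
        rows.append(("RSA-%d" % bits, round(rsa_strength_bits(bits), 1)))
    for bits, name in curves:
        label = "%s (%d-bit field) ~ RSA-%d" % (name, bits, rsa_equivalent_of_ecc(bits))
        rows.append((label, ecc_strength_bits(bits)))
    return rows


if __name__ == "__main__":
    for label, strength in key_size_report():
        print("%-45s %6.1f bits" % (label, strength))
```

Running the script prints one line per key size; the ECC rows show the
RSA modulus that the estimate considers equivalent (a 256-bit curve lands
a little under RSA-3072, a 521-bit curve in the RSA-15000 range), which
is where the "comparable to a very large RSA key" argument for ECC comes
from.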

More information about the Gnupg-users mailing list