Comparison of RSA vs elliptical keys
sac at 300baud.de
Tue May 12 18:41:27 CEST 2020
Sylvain Besençon via Gnupg-users wrote:
> Le 12.05.20 à 11:24, Johan Wevers a écrit :
> > On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote:
> >> For example, a 256 bit elliptic curve key has a similar strength
> >> to a symmetric key of 128 bits.
> > Until, of course, a working quantum computer with more than a few
> > qubits is constructed. Then ECC is much more vulnerable than RSA or
> > ElGamal due to its smaler keysize (of course once a 256 bit quantum
> > computer gets constructed I would also worry about 8192 bit RSA
> > being vulnerable too in the very near future).
> In the FAQ, it is written:
> > Will GnuPG ever support RSA-3072 or RSA-4096 by default?
> > Probably not. The future is elliptical-curve cryptography, which
> > will bring a level of safety comparable to RSA-16384. Every minute
> > we spend arguing about whether we should change the defaults to
> > RSA-3072 or more is one minute the shift to ECC is delayed.
> > Frankly, we think ECC is a really good idea and we’d like to see it
> > deployed as soon as humanly possible.
> So, I guess the key size is not the only criteria to evaluate the
> strength of a cipher and ECC still provides better results despite
> shorter keys.
> However, I would be interested to know which ECC cipher would you
> recommend to replace RSA. I am not a cryptographer and I don't find
> any information (or more honestly: information that I can understand)
> about Curve 25519, NIST P-256 (and greater), Brainpool, or secp256k1.
I am no cryptographer either, but what I have observed is that most
apps nowadays use djb's Curve 25519. secp256k1 could be interesting
if you have a Bitcoin Wallet or use Bitmessage and want to use those
GnuPG subkeys also for Bitcoin transactions, or for Bitmessage.
 I once send Niibe-san (GnuPG dev.) some Satoshi to his Bitcoin
address, which he has as GnuPG sec256k1 subkey.
Signal (Desktop) +4915172173279
More information about the Gnupg-users