<div dir="auto"><div>Thank you for your excellent response.</div><div dir="auto"><br></div><div dir="auto">I laid out my scenario.</div><div dir="auto">>> </div><div dir="auto"><span style="font-family:sans-serif">RSA keys have the default maximum length of </span></div><span style="font-family:sans-serif">8192 set at compile-time.</span><div dir="auto"><font face="sans-serif">>></font></div><div dir="auto"><font face="sans-serif">Perfect. that was the answer that<br></font><div dir="auto"><div dir="auto">I was looking for.</div><div dir="auto">My "risk scenario" was an attempt to understand the maximum defaults of the current maximum protection available in the standard distributed packages.</div><div dir="auto"><br></div><div dir="auto">From the position of a data scientist, I am trying to compute the security available. ;)</div><div dir="auto"><br></div><div dir="auto">Thank you... 8196 on an RSA key. :)</div><div dir="auto"><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Fri, May 1, 2020, 12:01 Konstantin Ryabitsev <<a href="mailto:konstantin@linuxfoundation.org">konstantin@linuxfoundation.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, Apr 30, 2020 at 11:07:11PM -0400, Barry Smith via Gnupg-users wrote:<br>
> Let me continue by explaining some back up information for my <br>
> question.<br>
> - I am asking in terms of the latest standards implemented in distros and<br>
> Windows .exe auto-install packages.<br>
> - I am trying to create a group calendar file and app for a private group.<br>
> - Original concept for my project -- use an annual calendar file that has<br>
> December (year minus 1) to January (year plus 1), so 14 months of days. I<br>
> want one keypair per day for the group.<br>
<br>
I'm not sure what kind of risk scenario you're working against, but this <br>
sounds extreme and will probably have all sorts of usability corner <br>
cases.<br>
<br>
> SO, users, help!<br>
> I need to know the absolute longest key that GnuPG can create RIGHT <br>
> NOW.<br>
<br>
It depends on the algorithm. RSA keys have the default maximum length of <br>
8192 set at compile-time. Elliptic Curve cryptography requires much <br>
shorter keys, so maximums will be different there.<br>
<br>
In general, the length of the key is only part of the picture when we're <br>
talking about encryption "strength." Many cryptographers consider RSA <br>
keys longer than 2048 bits to be a "feel-good security theatre", because <br>
classical computers are not likely to be able to successfully break <br>
2048-bit keys in the foreseeable future, even given state-level funding. <br>
If/once we get to the point where quantum computers are powerful enough <br>
to defeat 2048-bit RSA, then we should consider all classical public-key <br>
crypto irreversibly compromised (RSA, DSA, ECC, etc) -- longer keypair <br>
lengths will merely buy a bit of time before failing to cryptanalysis.<br>
<br>
So, if you want decent modern-day encryption, use 256-bit ECC keys and <br>
don't worry about key lengths longer than 256 (or 4096 for RSA).<br>
<br>
-K<br>
</blockquote></div></div></div></div></div>