Snoken wrote:
> I suppose this means that 1024 bit RSA-keys are ridiculous
> and the Open PGP Card is a joke. And what about all web sites
> protected by SSL with a 1024-bit RSA-certificate?

This seems to be more-or-less on schedule:

http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths

IF you have a life-long digital secret that you want to protect from people with hundreds of millions of dollars to spend, and you insist on using RSA public key encryption to protect it during transit over the internet, then you need to use RSA 15,360 (not a typo) + AES 256 + hope.

But, I think RSA 3072 + AES 128 should be good enough to get you a waterboarding ticket; even RSA 1024 + 3DES would result in spyware or a key logger on your client machine to prevent them from having to fill up the bucket.

Regarding HTTPS: If you go to any SSL certificate vendor, you will see them talking only about "256 bit SSL" and they usually have no recommendations at all regarding the RSA key length. The certificate vendors treat HTTPS as a marketing feature and not a security feature. As a result, the RSA 1024 + AES 256 is the most common combination I see when I'm browsing with Firefox.

I cannot find it in the specs right now, but I think that even the latest S/MIME and PGP/MIME specs only require implementations to support RSA key sizes up to 2048 bits. I have used 4096 bit keys for (Thawte Freemail) S/MIME certificates in Thunderbird and Outlook 2003 without problems.

Regards,
Brian
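
An added example, not part of the original message: a Python sketch that estimates RSA strength with the GNFS-based formula from NIST's FIPS 140-2 Implementation Guidance and reports the weakest link in the RSA + cipher pairings mentioned above. The function names and the symmetric strength table (NIST SP 800-57 values, three-key 3DES) are assumptions of this example.

```python
import math

# Symmetric strengths in bits (assumed from NIST SP 800-57; 3DES is three-key).
SYMMETRIC_BITS = {"3DES": 112, "AES-128": 128, "AES-256": 256}


def rsa_strength_bits(modulus_bits):
    """Estimate RSA strength in bits from the cost of GNFS factoring."""
    if modulus_bits < 512:
        raise ValueError("estimate is not meaningful below 512 bits")
    ln_n = modulus_bits * math.log(2)  # natural log of the modulus
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)  # convert from nats to bits


def effective_strength(modulus_bits, cipher):
    """Return (bits, weakest_link) for an RSA key paired with a cipher."""
    rsa = rsa_strength_bits(modulus_bits)
    sym = SYMMETRIC_BITS[cipher]
    # The pairing is only as strong as its weaker component.
    return (rsa, "RSA") if rsa < sym else (float(sym), cipher)


def min_modulus_for(target_bits, step=256):
    """Smallest modulus size (multiple of step) whose estimate meets target."""
    n = 512
    while rsa_strength_bits(n) < target_bits:
        n += step
    return n


if __name__ == "__main__":
    # Pairings named in the message above.
    pairings = [(1024, "3DES"), (1024, "AES-256"),
                (3072, "AES-128"), (15360, "AES-256")]
    for bits, cipher in pairings:
        strength, weakest = effective_strength(bits, cipher)
        print(f"RSA {bits:>5} + {cipher:<7}: ~{strength:5.1f} bits, "
              f"limited by {weakest}")
    print("Smallest modulus matching AES-128:", min_modulus_for(128))
```

With RSA 1024 the cipher choice makes no difference to the result, which is the mismatch behind "256 bit SSL" certificates on 1024-bit keys.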