On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:

> Hey folks,
>
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.
>
> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
>
> I am trying to decide whether I want to create myself a new RSA key
> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
> to use the 8k variant, simply because I postulate that my machines
> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
> I don't know if this makes sense in practice.

It depends on what you're protecting against. For most common cases,
an 8192-bit RSA key is likely so vastly stronger than the rest of your
environment that a smart attacker wouldn't bother to attack it.
They'd just go after what they want via other attacks against you
and/or your environment. Mind you, the same thing is true for a 2048-bit
RSA key as well. (I'd wager that for many people, the same thing is
also true for a 512-bit RSA key). If you can get the same end result
with a smaller key, you need to ask yourself what the big key actually
buys you.

If you're looking for a more immediate reason, though, note that if
you make an RSA key larger than 2048 bits you can't use it with the
spiffy new OpenPGP smartcard.

David