David Shaw wrote:
| On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:
|
|> Hey folks,
|>
|> Two years ago, there was a thread on this list, in which RSA key
|> sizes >2048 were discussed [0]. In these two years, the crypto-world
|> has been shaken up a bit, and computers got yet a bit more powerful.
|>
|> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
|>
|> I am trying to decide whether I want to create myself a new RSA key
|> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
|> to use the 8k variant, simply because I postulate that my machines
|> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
|> I don't know if this makes sense in practice.
|
| It depends on what you're protecting against. For most common cases,
| an 8192-bit RSA key is likely so vastly stronger than the rest of your
| environment that a smart attacker wouldn't bother to attack it.
| They'd just go after what they want via other attacks against you
| and/or your environment. Mind you, the same thing is true for a 2048-bit
| RSA key as well. (I'd wager that for many people, the same thing is
| also true for a 512-bit RSA key). If you can get the same end result
| with a smaller key, you need to ask yourself what the big key actually
| buys you.
|
| If you're looking for a more immediate reason, though, note that if
| you make an RSA key larger than 2048 bits you can't use it with the
| spiffy new OpenPGP smartcard.
|
Another reason is that even if increasing my key size to would increase my
security in some sense, I do not want my GPG security to be so strong that
the black hats would bypass it and torture the key out of me.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 14:00:01 up 20 days, 49 min, 3 users, load average: 4.05, 4.34, 4.48