Exactly. Computation time is nothing nowadays. If that was the case, those who use 1024 bit keys I would think still use the SHA1 hash algorithm. But now people such as myself use SHA512 and 4096 bit RSA keys, and if I could use a 8192 bit RSA key and the new SHA512/256 algorithm that I think was published just this past 02 February I would.
On 22/03/2011 10:19 AM, lists.gn...@mephisto.fastmail.net wrote: > On Sat, Mar 19, 2011 at 11:36:57PM -0400 Also sprach Robert J. Hansen: >> On 3/19/11 10:34 PM, Jonathan Ely wrote: >> >>> but be sure to set your preferences and choose a 4096 over 2048. >> >> Why? This is like saying, "I like the bank vault on my front door, but >> I wish it was thicker: I want the extra security." Key length is only a >> small part (arguably the smallest part) of communications security. >> > > I agree that 4096 may seem like overkill, but I think the recommendation > to max out one's RSA key size is defensible. Here's why: > > 1. Modern computers are fast; it costs us almost nothing in terms of > computation time to use a 4096-bit key. > > 2. Modern computers are fast, and getting faster all the time; remember > that your security margin may need to be good not just today, but > against all the attacks that are possible in the future, for as long > as your data needs to remain secure (decades, for some people). Once > upon a time, 1024-bit keys were considered perfectly adequate; most > experts urge against generating keys today with that strength. > > I agree that an awful lot of fuss is made over key length, sometimes to > the exclusion of other, much more likely attack vectors. However, until > someone describes for me a compelling reason NOT to bump key length up > to 4096, my view remains: "Why not?" > > Special case, relating to this thread's original question: > > Some software which is designed to interface with GnuPG, or otherwise > implement PGP keys, may not support arbitrary key lengths. > E.G. Evolution used to have a 160-bit hash hard-coded into it's gnupg > integration (it may still--I haven't used Evolution in a while), which > meant that to remain DSS-compliant, you could only sign email with a > 1024-bit DSA key. DSA-2 keys could not be supported directly by > Evolution. You could circumvent the key-stregth limit by using an RSA > key as long as you liked. However, in cases when a particular piece of > software may require use of a key which does not meet your general-use > criteria, for whatever reason, generating a sub-key which meets the > requirements can allow you to use the specific feature you need, while > still enabling you to use other sub-keys for less restrictive > applications. > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users