> I agree that 4096 may seem like overkill, but I think the recommendation > to max out one's RSA key size is defensible. Here's why:
"Defensibility" really doesn't enter into it. My purpose isn't to persuade someone not to use a 4k key: my purpose is to suggest that people think critically about why they want a 4k key and what they think it will give them that a 2k key does not. > I agree that an awful lot of fuss is made over key length, sometimes to > the exclusion of other, much more likely attack vectors. However, until > someone describes for me a compelling reason NOT to bump key length up > to 4096, my view remains: "Why not?" And this is where I part ways with you. There is no reason not to bump key length up to 4096. There is also no reason not to use SHA512 with a DSA-1k key, for instance. Sure, only 160 bits of SHA512 will be used, but that's not a reason not to use it. It's not as if you're making the system weaker. IME, engineering starting from a base maxim of, "why not?", ultimately leads to curious things that leave you scratching your head (like the aforementioned, "why are you using SHA512 with DSA-1K?"). This is why I would much rather start from a base maxim of, "why?" I'd much rather be accused of favoring minimalism than maximalism. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
