On Tuesday 22 March 2011, Jerome Baum wrote: > Jonathan Ely <thaj...@gmail.com> writes: > > I really wish 8192 would become available. Not that it would be the > > end all/be all of key security but according to your theory it > > sounds much more difficult to crack. > > Take that a few steps further. Why not use > 99999999999999999999999-bit keys? Because they are much more > difficult to compute. In fact if you go above a certain key size, > since IIRC the exponent e is standardized and thus limited, your > discrete logarithm is no longer discrete and so your key security > just vanishes. > > In any case, 4096 bits will be secure for some time to come, and > yes 8192 bits would be even more secure. We can take that as far as > we wish but there are limits in the standard, in compatibility, > and in the current implementation.
Most importantly, there are limits to the size of keys current hardware (in particular all of those smart phone and tablet CPUs) can handle in finite time. You surely do not want to wait tens of seconds to verify a single RSA 8192 signature. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
