On 10/24/2013 04:46 PM, Robert J. Hansen wrote:
>> Is this zealotry on the Debian front, or something to update in gnupg?
>
> Mostly zealotry. According to NIST, RSA-2048 is expected to be secure
> for about the next 25 years.

To add further to this, the U.S. military uses 2048-bit RSA keys for their Common Access Cards (CAC cards), which are used for system authentication and encrypted email. The certificates that users are issued are good for three years and then they issue a new CAC card to the user. The U.S. Department of Defense (DoD) has multiple root CAs, and I know at least one of them (if not all of them) uses a 2048-bit RSA key that is to be valid through 2029. I am not saying that anyone should use 2048-bit RSA because the DoD uses it. It is just a data point.

That being said, I am doubtful that classified discussions are being done over email. As far as I know, they use it for sensitive but unclassified information such as personally identifiable information like Social Security Numbers.

3DES + SHA1 + 2048-bit RSA is their preference for email. It does not need to be yours.

Cheers,

--Paul

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users