(Definitely Godzilla) But why do people tell me that DH, DSA, and RSA
under 2048 are unacceptable?

I have to let my cynicism shine through, unfortunately.

For the vast majority of the population, cryptographic technologies are a giant black box. The popular view is that it's something only accessible to really blindingly smart people, and that these people know better than you. As a result, there is never a shortage of people who read a few web pages, come to a vague understanding of things, declare themselves to be experts, and then preach doom and gloom if you ever even think of violating their recommendations -- because, after all, they're *experts*.

Charlatanry is so commonplace in the crypto world there's even a FAQ entry for it.

With respect to 2048-bit crypto, don't believe the hype. Most users and most purposes will still be well-served with even a 1024-bit key. No one with half a brain is going to bother trying to break RSA-1024; they will instead come up with more effective ways of recovering your message.

But there are some people and some users who have a true need for long-term security in their messages. The current recommendations of NIST, ENISA, RSADSI and others is that RSA-2048 will be safe for the next thirty years. This is long-term security; as such, 2048-bit crypto is generally a good recommendation. Further, 2048-bit keys are small enough that they may be used in smart cards, mobile devices and embedded markets. Basically, RSA-2048 hits the sweet spot.

But don't believe people who preach doom and gloom if you use RSA-1024. Although it's not sufficient for long-term security, it's plenty sufficient to dissuade anyone who doesn't have the resources of a First World government behind them. If you're worried about someone at your ISP reading your email to your girlfriend, RSA-1024 will do the job just fine. If you're worried about the Russian FSB reading your Vladimir Putin slashfiction that you're sending to people in Russia, you might want to use RSA-2048. :)

How can I find whats on my list?

Werner has already given you the default list.  It starts with AES-256.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to