On 06/25/2014 02:25 AM, Werner Koch wrote: > This misunderstanding is actually an indication of the problem. You are > talking 4096 vs. 2048 while the more important case is to read the > security announcements and update your gpg.
That's a great point. I've just proposed a pull request on that page to emphasize keeping your GnuPG implementation up-to-date. however, if you *do* keep your software up-to-date, it would be a shame for the crypto itself to be flawed enough to be broken by a well-resourced attacker. So standardizing on stronger crypto by default seems reasonable to me. The point is to ensure that the math itself is not the weak point. > I wonder why the keysize triggers bikeshedding discussions in all > security groups. After all the majority of us (including me) has not > the education and experience to select the color (i.e. crypto math) on > their own. These choices are not pulled out of thin air or made up out of arbitrary fancy. There are people who do have the education and experience to determine reasonable keysizes, like the ECRYPT project. http://www.ecrypt.eu.org/ http://www.ecrypt.eu.org/documents/D.SPA.20.pdf suggests (on pages 30-32) that the current GnuPG default of 2048-bit RSA provides roughly 103-bit-equivalent security, which falls in the middle of "legacy standard level" (≈10 years of protection) and "medium-term protection" (≈20 years of protection). ECRYPT's "Good, generic application-indep. recommendation" is at the 128-bit level, which they note for RSA keys is 3248 bits. The Riseup guide suggests a marginally more conservative 4096-bit RSA keysize. In practice, i've never found a modern cryptographic system that can't handle 4096-bit RSA keys. I have, however, found modern systems that *can't* deal with 3248-bit RSA keys (X.509 certificate authorities who expect the bitlength of any key to be a power of two for some unknown and probably stupid reason). So if we want to make a good, generic recommendation, the riseup recommendation doesn't seem to be a bad one to me based on my reading of ECRYPT II. Regards, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
