[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "upgrading" my gpg key

On Tue, Jan 05, 2010 at 11:26:23AM +0100, Klaus Ethgen wrote:
> Am Mo den  4. Jan 2010 um 21:36 schrieb brian m. carlson:
> > For maximum long-term security, I recommend a 3072-bit DSA key
> > (preferably with SHA-512) or a 4096-bit RSA key.
> Hmmm, that advice is a bit odd. RSA is a bit better in security than DSA
> so the length of the DSA key has to be a bit longer than the length of
> the RSA key to have the same strength. Though the difference are only
> little so in practice it makes no real difference.

RFC 4880 states the NIST size requirements for DSA keys.  If NIST
provided a 4096-bit p size, I would recommend that people use that.
Also, GnuPG will not generate a key outside of the range [1024,3072].

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: