Re: "upgrading" my gpg key

To: debian-devel@lists.debian.org
Subject: Re: "upgrading" my gpg key
From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
Date: Tue, 5 Jan 2010 16:31:34 +0000
Message-id: <[🔎] 20100105163133.GA1074@crustytoothpaste.ath.cx>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20100105102623.GA10024@ikki.ethgen.de>
References: <[🔎] 4B424894.7080208@free.fr> <[🔎] 20100104203537.GD28755@crustytoothpaste.ath.cx> <[🔎] 20100105102623.GA10024@ikki.ethgen.de>

On Tue, Jan 05, 2010 at 11:26:23AM +0100, Klaus Ethgen wrote:
> Am Mo den  4. Jan 2010 um 21:36 schrieb brian m. carlson:
> > For maximum long-term security, I recommend a 3072-bit DSA key
> > (preferably with SHA-512) or a 4096-bit RSA key.
> 
> Hmmm, that advice is a bit odd. RSA is a bit better in security than DSA
> so the length of the DSA key has to be a bit longer than the length of
> the RSA key to have the same strength. Though the difference are only
> little so in practice it makes no real difference.

RFC 4880 states the NIST size requirements for DSA keys.  If NIST
provided a 4096-bit p size, I would recommend that people use that.
Also, GnuPG will not generate a key outside of the range [1024,3072].

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- "upgrading" my gpg key
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- Re: "upgrading" my gpg key
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
- Re: "upgrading" my gpg key
  - From: Klaus Ethgen <Klaus@Ethgen.de>

Prev by Date: Re: Debian vs. Ubuntu source control file
Next by Date: enabling software rendering in libxine
Previous by thread: Re: "upgrading" my gpg key
Next by thread: dpkg 3.0 (quilt) packages not being accepted?
Index(es):
- Date
- Thread