Re: Bits from keyring-maint

On Tue, Sep 14, 2010 at 09:59:16AM +0200, Marco d'Itri wrote:
> On Sep 14, Gunnar Wolf <gwolf@debian.org> wrote:
> > pushing Debian towards adopting stronger RSA keys - We have accepted
> > some 2048R keys, but if you don't have a real reason to keep your key
> > at that size (i.e. you very often build on underpowered machines where
> > a 4096R key takes forever, or something like that), we really prefer
> > to go with 4096R keys.
> I would like to know the process which led to selecting these figures.

I suspect that those figures are because 2048 bits is the default size
for RSA keys and 4096 bits is the largest size that GnuPG supports.
Some specially patched versions of PGP can support keys of up to 16384
bits, but IIRC those are all v3 RSA keys, which aren't allowed anymore.

Personally, I can't see a reason that using an RSA 4096 bit key should
be that painful even on very slow machines.  You're performing a *single
RSA encrypt operation* per signature.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
