On Wed, 2010-09-15 at 15:14 +0200, Marco d'Itri wrote: > I suppose that this was not the result of cargo cult engineering, so if > these new recommended key values have been selected as the result of a > process I am curious to know the rationale which lead to the choice. > It really looks like a simple question to me. I guess the reason is probably quite easy, isn't it? - 4096 bit is what can be created with gnupg, without any patching and it is supported to be used by all major RFC 4880 implementations (without any patching). - The primary key should be only used for signing other keys anyways, and dedicated signing subkeys to sign data. Therefore it's not a big deal (performance-wise) if the primary is "very large". - One can clearly expect that computation-power advances, and lower keysizes won't be enough in the future (even 4096 at some point of time). As long as ECC is not available in OpenPGP (and well tested in GnuPG), it also makes sense to me to suggest RSA instead of DSA1/2. Attached is a mail from Werner at the metzdowd list, which nicely explains why. Cheers, Chris.
Re: Debian encouraging use of 4096 bit RSA keys.mbox
Description: S/MIME cryptographic signature