On Wed, Feb 20, 2013 at 01:41:03PM -0500, James Cloos wrote:
> >>>>> "RHJ" == Robin H Johnson <robb...@gentoo.org> writes:
>
> RHJ> 2. Root key type of RSA, 4096 bits
> rsa 4k provides no real benefits over rsa 3k here; it is just slower
> for everyone, signing or verifying.

You can shorten the subkeys, but the root key should ONLY be used for certifications & key operations, not signing of external objects.
The subkeys should be used for the external objects, and that's where you'd shorten if you really wanted. However, I'd suggest you not bother.

> Cf, eg, http://www.nsa.gov/business/programs/elliptic_curve.shtml which
> recommends rsa 3k for use with aes128/sha256, rsa 7k for aes192/sha384
> and rsa 15k for aes256/sha512.
>
> If 3k provides comparable security to aes128 and sha256, and one needs
> to more than double the rsa key length to compare with aes192 and sha384,
> there is no reason to bother with rsa 4k.

Speed for i7-2600K CPU:
DSA1024 0.007980s
DSA2048 0.011940s
DSA3072 0.013530s
RSA1024 0.007000s
RSA2048 0.012290s
RSA3072 0.018420s
RSA4096 0.030800s

30ms is still an acceptable signing time - not noticeably different than RSA2048/RSA3072.

Better question to all of this, is there somebody with a PGP smartcard that can do the same tests? I'll provide some scripts for the testcase itself, but you'll have to see about generating a bunch of keys on the smartcard, which might be problematic.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85