On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote:

From the security standpoint, more bits do not buy you more security. Having 16k key or 2k key will buy you about the same security. It is not all in the key length. My opinion is, just use 2k key. It will serve you well. I generated one 4k key some time ago, and have almost never used it. Looking back, that was really pointless thing to do.
======================

to paraphrase bruce schneier: what's more secure? a fence that's a thousand feet tall or a fence that's ten thousand feet tall?

that said, computers keep getting faster and attacks keep getting better. back in the early days of PGP(tm) a 1024 bit key would have been considered bigger than you'd ever need. history has shown that 1024 bit keys are now generally considered the smallest key you'd want to use, and may not be "safe" over the course of the next 10-20 years.

the thing to bear in mind, though, is that a 2048 bit key isn't *just* twice as strong as a 1024 bit key... (according to my math, please correct me if i'm wrong) it's this many times stronger:

17976931348623159077293051907890247336179769789423065727343008115773\
26758055009631327084773224075360211201138798713933576587897688144166\
22492847430639474124377767893424865485276302219601246094119453082952\
08500576883815068234246288147391311054082723716335051068458629823994\
7245938479716304835356329624224137216

a 1025 bit key (if there was such a thing) would be [merely] twice as strong as a 1024 bit key. a 1028 bit key would be 16 times stronger. compared to a 1024 bit key, a 4096 bit key is stronger by a number that's represented by (about) 4624 decimal digits. since no one has publicly broken a 1K key i feel pretty safe using 2K keys for everyday stuff.

also, anyone considering huge keys should read this section from the diceware FAQ - <http://world.std.com/~reinhold/dicewarefaq.html#128-bit> and remember that breaking a key is the hardest way to "break" pgp... there are a lot of easier methods, such as key-loggers and spy-cameras.


--
        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "What sane person could live in this world and not be crazy?"
                -- Ursula K. LeGuin



_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
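
Added example, not part of the original message: it reproduces the doubling-per-bit count used in the message and, going beyond the message, sets it beside the standard heuristic cost of factoring an RSA modulus with the general number field sieve (GNFS), which is the yardstick usually applied to RSA key sizes. The function names are hypothetical and the GNFS o(1) term is dropped, so the bit figures are estimates only.

```python
import math

def keyspace_ratio(bits_small, bits_large):
    """Exact ratio 2**(large - small): one doubling per added bit, as in the message."""
    return 2 ** (bits_large - bits_small)

def ratio_digits(bits_small, bits_large):
    """Number of decimal digits in keyspace_ratio(), without building the integer."""
    return math.floor((bits_large - bits_small) * math.log10(2)) + 1

def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] for an n of
    modulus_bits bits. Assumption: the o(1) term is ignored."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work_nats = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)

def compare(sizes=(1024, 2048, 4096), base=1024):
    """One row per key size: keyspace growth vs. estimated factoring effort."""
    rows = []
    for bits in sizes:
        rows.append({
            "bits": bits,
            "keyspace_ratio_digits": ratio_digits(base, bits),
            "gnfs_bits": round(gnfs_work_bits(bits), 1),
            "gnfs_gain_bits": round(gnfs_work_bits(bits) - gnfs_work_bits(base), 1),
        })
    return rows

if __name__ == "__main__":
    print(f"{'RSA bits':>8}  {'ratio digits':>12}  {'GNFS ~bits':>10}  {'gain':>6}")
    for r in compare():
        print(f"{r['bits']:>8}  {r['keyspace_ratio_digits']:>12}  "
              f"{r['gnfs_bits']:>10}  {r['gnfs_gain_bits']:>6}")
```

The "ratio digits" column is the size of the raw keyspace ratio; the "gain" column is how many extra bits of estimated factoring work the larger modulus adds over the 1024-bit baseline.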