On Wed, Jan 4, 2012 at 9:33 AM, Werner Koch <[email protected]> wrote:
> On Tue, 3 Jan 2012 21:16, [email protected] said:
>
>> Werner, is that correct? The card you gave me at FSCONS back in 2009
>> states that 3072 Bits is the maximum key size. I use 2048 Bit keys at
>
> They state 3072 because that is what GnuPG supported at that time; the
> cards supported 4096, though. Since 2.0.18 GnuPG supports 4096 with
> those cards.
>
> There is still no reason to use it; 2048 is more than sufficient. If you
> think you need more, you should ask yourself several questions. One of
> these questions should be, whether you have checked the chip design and
> the firmware of the card.

Quite frankly, I don't think most people need anything more than a 512 bit key. :-)

But all the same, to be serious, I suppose it is a bit (just a tiny bit) unsettling that NIST is recommending that everyone move to either very long keys for really secure data or else to ECC:

http://www.elliptictech.com/applications-suiteb.php (for example)

I know that the request for stupidly, idiotically long key sizes is as old as PGP itself, but all the same, I suspect that these sorts of requests will be more and more common until gpg is capable of supporting the latest "state of the art". Even then, it won't satisfy everyone, but at least we'll be able to say "if it's good enough for NIST....."

N.

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
