On 08/25/14 01:05, another wrote: > so as an online backup for the truly paranoid, I'm kinda missing bigger RSA > keys. > I couldn't find anything on the manpages nor on a quick check of the source. > Are there plans to implement this?
No. > Are there specific reasons why it isn't implemented? On 2048-bit RSA, attacks on implementations (e.g., side channels) are far easier than mathematical attacks (aka. factoring). Larger RSA sizes make side channel attacks easier by slowing down the process and reducing the bandwidth required for measurements. In my opinion, 2048-bit RSA is the safest key length available, and the modus operandi for Tarsnap from the start has been "I know crypto, so let me pick the right tools for you to use". -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
