Control: severity 800560 normal

On Wed 2015-09-30 17:32:36 -0400, Gionatan Vianello wrote:
> Package: gnupg
> Version: 1.4.18-7
> Severity: important
>
> gnupg can generate RSA keys up to 16384 bits in length.
> In the new version there are some limitations on creating large RSA keys.
> Older versions could generate long keys, up to 16384 bits.
>
> A limitation on key size is not right and can help the NSA.
It's not clear that anyone believes that the NSA is capable of breaking a 4096-bit RSA key. With the version of GnuPG that you have installed in stable (as well as with the version in unstable and in testing) you should already be able to generate 8192-bit keys in --batch mode (see --enable-large-rsa in gpg(1) and the section on Unattended Key Generation in /usr/share/doc/gnupg/DETAILS.gz).

RSA keys that are larger than 8192 bits will be very expensive to use (even for public key use) and provide little realistic additional protection -- the defensive advantage against a powerful attacker per bit falls off as the key sizes increase in RSA.

GnuPG is interested in interoperating with other tools, and generating extremely large keys is likely to impose costs on those users without any useful gains for the ecosystem at large.

So I'm closing this bug, because (a) it's actually possible to generate larger keys already for people who believe they need more than 4096 bits, and (b) there needs to be a limit somewhere to avoid resource exhaustion, and 8192 seems like a reasonable place for that limit for RSA.

Regards,

        --dkg
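The claim above that RSA keys beyond 8192 bits are very expensive to use, even for the public-key operation, is easy to check on any machine. The following is an added example and is not code from this bug report, from GnuPG or from Debian: it times modular exponentiation in CPython at several modulus widths. The moduli are constructed random odd integers standing in for a real p*q (the cost of a modexp depends on operand size, not on whether n is a genuine RSA modulus), so no slow prime search is needed. The absolute numbers are CPython's bignum arithmetic rather than libgcrypt's, but the scaling with key size is the point, and it is the same: doubling the modulus roughly doubles the exponent length and makes each multiply-and-reduce several times dearer, so each doubling costs well over 4x.

```python
"""Cost of RSA-style modexp versus modulus size (added example, not GnuPG code).

Uses CPython's built-in pow(base, exp, mod) on constructed odd moduli instead
of real RSA keys: the arithmetic cost depends only on operand widths, so a
random odd n of the right width stands in for p*q without the prime search.
"""
import random
import time

# Public exponent used by default in GnuPG and most other RSA implementations.
PUBLIC_EXPONENT = 65537


def make_stand_in_modulus(bits: int, seed: int = 1) -> int:
    """Constructed odd integer with exactly `bits` bits (NOT a real RSA modulus).

    Top bit is forced on so the width is exact; low bit is forced on so the
    modulus is odd, as a real RSA modulus always is.
    """
    rng = random.Random(seed)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def time_modexp(bits: int, private: bool, trials: int = 1) -> float:
    """Seconds per modular exponentiation at the given modulus width.

    private=True uses a full-width exponent, which is what a signing or
    decryption operation costs.  private=False uses e=65537, which is what
    verification or encryption costs.
    """
    n = make_stand_in_modulus(bits)
    rng = random.Random(2)
    if private:
        exponent = rng.getrandbits(bits) | 1   # full-width odd exponent, like d
    else:
        exponent = PUBLIC_EXPONENT
    base = rng.getrandbits(bits) % n
    start = time.perf_counter()
    for _ in range(trials):
        pow(base, exponent, n)
    return (time.perf_counter() - start) / trials


def cost_table(sizes=(2048, 4096, 8192)) -> dict:
    """Map bit length -> (public_op_seconds, private_op_seconds)."""
    return {
        bits: (time_modexp(bits, private=False, trials=20),
               time_modexp(bits, private=True))
        for bits in sizes
    }


def slowdown(table: dict, small: int, large: int) -> float:
    """How many times slower the private operation is at `large` than at `small` bits."""
    return table[large][1] / table[small][1]


if __name__ == "__main__":
    # 16384 is included here because it is the size the bug report asks for;
    # expect it to take seconds per private operation even on a fast machine.
    table = cost_table((2048, 4096, 8192, 16384))
    print(f"{'bits':>6} {'public op':>12} {'private op':>12}")
    for bits, (pub, priv) in table.items():
        print(f"{bits:>6} {pub * 1e3:>10.2f}ms {priv * 1e3:>10.2f}ms")
    print("4096 -> 8192 private-op slowdown: %.1fx" % slowdown(table, 4096, 8192))
    print("8192 -> 16384 private-op slowdown: %.1fx" % slowdown(table, 8192, 16384))
```

Run it as a script to get the full table; the 16384-bit rows are where the "very expensive" in the reply becomes visible, and the public-operation column shows that even verification and encryption, cheap as they are with e=65537, grow roughly quadratically with the modulus width.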