On 27.10.2013 20:41, Werner Koch wrote:
On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:

Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us?  Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA keys, and one 8k RSA key.  For
security reasons key signature caching has been disabled
(--no-sig-cache) because you obviously can't accept that in this high
security theater.  Run encryption+signature tests for 2 recipients out
of the set of these 100 keys.

Compare that to a set of 2k keys with only one 4k key.

Run these tests again on an average netbook.
Are there formal reasons why the max length of the RSA key is limited in gnupg[2] linux packages to 4096 Bits only?

One thing is the available performance and sane defaults, the other is the available security.
(without patching the source code and rebuilding packages)

The max length of the key does not have anything to do with zero-exploits.
When collecting tons of data there is only this data .. nothing else to break in.

I don't trust NIST myself and I guess most of you know why.
The question is if similar institutions in Europe, Asia, Africa or Australia can be trusted more.

Shalom-Salam,

    Werner


p.s.
Once I did tests with off-the-shelf smartcards.  Signing a mail with a 1k
RSA key using these smartcards took more than one second - it was barely
unusable for everyday mail processing.  Only when we moved to our own
smartcards (the old AVR based 1k RSA keys) using a smartcard was
actually usable (<100ms).  You don't want to wait 10 seconds to decrypt
a thread of 10 mails just to notice that it was only CCed office
chitchat.

Kind regards, Mark

--
m...@it-infrastrukturen.org

http://rsync.it-infrastrukturen.org

