On Thu 2013-10-24 15:05:45 -0400, Sylvain wrote:
> I saw a lot of activity in the Debian project about upgrading to a
> 4096 RSA key,
> e.g. http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html
>
> However GnuPG's default is 2048.
ENISA (the European Union Agency for Network and Information Security) recently issued a report recommending that non-legacy systems using RSA start with keys that are >= 3072 bits (see page 30 of the PDF):

http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report

Clearly, any OpenPGP implementation needs to deal with legacy systems, so being able to interact with older, shorter keys is a necessity. But the authors of that report do seem to suggest that the default for RSA keys should be 3072-bits going forward (though they don't mention OpenPGP explicitly at all).

The fact that the report comes from a fancy governmental web site doesn't mean it's correct, of course. I'm just offering it as a data point in the discussion :)

--dkg
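As an added example, not part of dkg's message or of GnuPG itself: a small Python audit that parses the machine-readable output of `gpg --list-keys --with-colons` and flags RSA primary keys and subkeys below the 3072-bit floor the ENISA report recommends. The listing it runs on is constructed sample output, not real keys, and the `KeyRecord` / `weak_rsa_keys` names are this example's own.

```python
"""Flag RSA keys in a GnuPG keyring that fall below a policy floor.

Added example, not code from the mailing-list thread. Parses the colon-separated
records of `gpg --list-keys --with-colons` (format documented in GnuPG's
doc/DETAILS): field 1 is the record type, field 3 the key length in bits,
field 4 the OpenPGP public-key algorithm id, field 5 the key id.
"""
from dataclasses import dataclass

# RFC 4880 public-key algorithm ids for RSA (encrypt-or-sign, encrypt-only, sign-only).
# DSA is 17 and Elgamal 16; the policy here is about RSA only.
RSA_ALGO_IDS = {1, 2, 3}
ENISA_RSA_FLOOR_BITS = 3072   # figure cited from the ENISA report in the thread


@dataclass
class KeyRecord:
    record: str   # 'pub' (primary key) or 'sub' (subkey)
    bits: int
    algo: int
    keyid: str


def parse_colon_listing(text: str) -> list[KeyRecord]:
    """Return pub/sub records; tru/uid/fpr lines carry no key size and are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue
        records.append(KeyRecord(fields[0], int(fields[2]), int(fields[3]), fields[4]))
    return records


def weak_rsa_keys(records, floor_bits=ENISA_RSA_FLOOR_BITS):
    """RSA keys (only RSA; a 2048-bit DSA key is a different question) below the floor."""
    return [r for r in records if r.algo in RSA_ALGO_IDS and r.bits < floor_bits]


# Constructed sample listing: 2048-bit RSA key with 2048-bit subkey, 4096-bit RSA key
# with 3072-bit subkey, and a 2048-bit DSA key. Key ids are placeholders.
SAMPLE_LISTING = """\
tru::1:1382640000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAAA:1382640000:::u:::scESC:
uid:u::::1382640000::0000::Constructed User <user@example.invalid>::::::::::0:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1382640000::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1382640000:::u:::scESC:
sub:u:3072:1:DDDDDDDDDDDDDDDD:1382640000::::::e:
pub:u:2048:17:EEEEEEEEEEEEEEEE:1382640000:::u:::scSC:
"""

if __name__ == "__main__":
    for key in weak_rsa_keys(parse_colon_listing(SAMPLE_LISTING)):
        print(f"{key.record} {key.keyid}: RSA-{key.bits} is below {ENISA_RSA_FLOOR_BITS} bits")
```

To audit a real keyring, feed the output of `gpg --list-keys --with-colons` into `parse_colon_listing` instead of the sample string.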
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users