On 28-09-2015 22:26, Robert J. Hansen wrote: > RSA-3072 is not all that much stronger than RSA-2048, and RSA-4096 adds even > less.
AFAIK RSA-3072 (and ElGamal-3072) are comparable to AES-128. That's strong enough for the forseable future; the only known thing they are vyulnerable to (except for rubber-hose cryptography, keyloggers and other "cheats") is a working quantum computer But if we have that, this: > The future is clear: 512-bit ECC, which is about as resistant to > brute-forcing as AES256. won't help either and you need things like lattice cryptography (with even bigger keys unfortunately). -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
