Re: 2048 or 4096 for new keys? aka defaults vs. Debian [doc patch]
On Sun, 27 Oct 2013 00:29, r...@sixdemonbag.org said:

> Hi! I'm the quasi-official FAQ maintainer. You can read the current
> text of the FAQ at:

While we are at it: what about making it the official one, i.e. change
the licenses to CC-by-ca/GPL? Given the importance of a FAQ I think we
should no longer delay it - even if old links to certain questions won't
work any longer.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 2048 or 4096 for new keys? aka defaults vs. Debian [doc patch]
Hi,

On Sat, Oct 26, 2013 at 06:29:26PM -0400, Robert J. Hansen wrote:
> On 10/26/2013 3:40 PM, Sylvain wrote:
> > Thanks for your answer. To foster spending less time on these
> > discussions, how about this? :)
>
> Hi! I'm the quasi-official FAQ maintainer. You can read the current
> text of the FAQ at:
>
> https://github.com/rjhansen/gpgfaq/blob/master/gpgfaq.xml
>
> Excerpting from it:
>
> Q: How large should my key be?
>
> A: The overwhelming majority of users will be well-served by
> generating 2048-bit RSA keys. This is the default behavior for GnuPG.
>
> Although we appreciate your patch for the FAQ, it would probably be
> better to submit a patch against the in-development FAQ as opposed to
> the old one, which is no longer being maintained. :)

Since it's the 3rd or 4th format of the FAQ that I have come across in
the past 24h, I'm just giving the full text; adapt it however you like :)

GnuPG comes with a default recommended preset, which is a 2048-bit
primary RSA key as of 2013.

There are regularly discussions about using 4096-bit primary RSA keys.
Well, there is no benefit from overly large keys on average computers.
After all, the goal is not to have a large key but to protect something.
Now, if you want to protect something you need to think like the
attacker - what will an attacker do to get the plaintext (or fake a
signature)? Spend millions on breaking a few 2k keys (assuming this is
at all possible within the next decade) or buy/develop/use a zero-day
exploit?

Also, 4096-bit keys have a few inconveniences: they increase the size of
the signatures and thus make the keyrings longer and, worse, computing
the web of trust takes much longer - not on your high-end desktop
machine but on old laptops and phones, where it drains the battery
faster.

Instead of discussing these numbers, the time could be much better used
to audit the software in use (firmware, OS, libs, apps), which is often
the weak link of the security chain.

Cheers!
Sylvain
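An added example (not code from the thread, from Sylvain, or from GnuPG) that puts numbers on the size-and-cost argument above: it reports how large an RSA signature is at 2048 and 4096 bits and times the signing and verification exponentiations at both sizes. The moduli, the `compare` and `exponentiation_cost` helpers and the seed are all constructed here; the moduli are random odd integers of the right bit length rather than real keys, which is enough because the cost of the arithmetic depends on the bit length, not on the factorization.

```python
# Added example, not code from the thread or from GnuPG: it puts numbers on
# the "4096-bit keys cost more" argument. The moduli below are constructed
# random odd numbers of the right bit length, NOT real RSA keys; they serve
# only to time the exponentiations, whose cost depends on the bit length.
import random
import time

PUBLIC_EXPONENT = 65537  # the usual RSA public exponent, used for verifying

def signature_bytes(modulus_bits):
    """An RSA signature is one integer mod n, so it is as large as n."""
    return (modulus_bits + 7) // 8

def _constructed_modulus(modulus_bits, rng):
    # Random odd integer with the top bit set: exact bit length, no primes.
    return rng.getrandbits(modulus_bits) | (1 << (modulus_bits - 1)) | 1

def _seconds_per_modexp(base, exponent, modulus, rounds):
    start = time.perf_counter()
    for _ in range(rounds):
        pow(base, exponent, modulus)
    return (time.perf_counter() - start) / rounds

def exponentiation_cost(modulus_bits, rounds=3, seed=1):
    """Seconds for one signing (n-sized exponent) and one verification."""
    rng = random.Random(seed)
    n = _constructed_modulus(modulus_bits, rng)
    message = rng.randrange(2, n - 1)
    private_exponent = rng.randrange(1 << (modulus_bits - 1), n)  # d is ~n-sized
    return {
        "sign": _seconds_per_modexp(message, private_exponent, n, rounds),
        "verify": _seconds_per_modexp(message, PUBLIC_EXPONENT, n, rounds * 50),
    }

def compare(small_bits=2048, large_bits=4096):
    """Signature sizes and the large/small time ratios for sign and verify."""
    small = exponentiation_cost(small_bits)
    large = exponentiation_cost(large_bits)
    return {
        "sig_bytes": (signature_bytes(small_bits), signature_bytes(large_bits)),
        "sign_ratio": large["sign"] / small["sign"],
        "verify_ratio": large["verify"] / small["verify"],
    }

if __name__ == "__main__":
    result = compare()
    print("signature bytes (2048 vs 4096):", result["sig_bytes"])
    print("signing %.1fx slower, verifying %.1fx slower at 4096 bits"
          % (result["sign_ratio"], result["verify_ratio"]))
```

The verification ratio is the one that matters for the web-of-trust argument, since every signature in a keyring is verified but only your own are created.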
Re: 2048 or 4096 for new keys? aka defaults vs. Debian [doc patch]
Hi Werner,

On Sat, Oct 26, 2013 at 02:13:15PM +0200, Werner Koch wrote:
> Instead of discussing these numbers the time could be much better
> use to audit the used software (firmware, OS, libs, apps).

Thanks for your answer. To foster spending less time on these
discussions, how about this? :)

--- faq.org.orig	2013-10-26 21:37:35.500209973 +0200
+++ faq.org	2013-10-26 21:37:25.340945491 +0200
@@ -244,22 +244,27 @@ :CUSTOM_ID: what-is-the-recommended-key-size :END: -1024 bit for DSA signatures; even for plain Elgamal signatures. -This is sufficient as the size of the hash is probably the weakest -link if the key size is larger than 1024 bits. Encryption keys may -have greater sizes, but you should then check the fingerprint of -this key: +GnuPG comes with a default recommended preset, which 2048 bits +primary RSA key as of 2013. -: $ gpg --fingerprint user ID +There are regularly discussions about using 4096 primary RSA keys. +Well, there is no benefit of overly large keys on average +computers. After all the goal is not to have large key but to +protect something. Now, if you want to protect something you need +to think like the attacker - what will an attacker do to get the +plaintext (or fake a signature)? Spend millions on breaking a few +2k keys (assuming this is at all possible within the next decade) +or buy/develop/use a zero-day exploit? -As for the key algorithms, you should stick with the default (i.e., -DSA signature and Elgamal encryption). An Elgamal signing key has -the following disadvantages: the signature is larger, it is hard -to create such a key useful for signatures which can withstand some -real world attacks, you don't get any extra security compared to -DSA, and there might be compatibility problems with certain PGP -versions. It has only been introduced because at the time it was -not clear whether there was a patent on DSA. +Also, 4096 keys have a few inconveniences: they increase the size +of the signatures and thus make the keyrings longer and, worse, +computing the web of trust takes much longer - not on your high +end desktop machine but on old laptops, and phones where it drains +the battery faster. + +Instead of discussing these numbers the time could be much better +use to audit the used software (firmware, OS, libs, apps), which +often are the weak link of the security chain. 
** Why does it sometimes take so long to create keys? :PROPERTIES:

Cheers!
Sylvain
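Review bot: the first added paragraph, `+GnuPG comes with a default recommended preset, which 2048 bits` / `+primary RSA key as of 2013.`, is missing its verb and should read "which is a 2048-bit primary RSA key as of 2013"; since the entry is titled what-is-the-recommended-key-size, that recommendation should also be the first sentence of the answer, ahead of the rhetorical questions about attacker cost, which read more like list discussion than FAQ text. The hunk also deletes the advice to verify a key's fingerprint (`-: $ gpg --fingerprint user ID`) together with the paragraph on choosing the key algorithm; the fingerprint advice is about verifying a key rather than its size and is still valid, so move it to a suitable entry instead of dropping it, and consider a one-line pointer to the current default algorithm so that "primary RSA key" does not appear without context. Finally, as Robert points out elsewhere in this thread, faq.org is no longer maintained, so the same text should be resubmitted against the in-development FAQ at https://github.com/rjhansen/gpgfaq.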
Re: 2048 or 4096 for new keys? aka defaults vs. Debian [doc patch]
On 10/26/2013 3:40 PM, Sylvain wrote:
> Thanks for your answer. To foster spending less time on these
> discussions, how about this? :)

Hi! I'm the quasi-official FAQ maintainer. You can read the current text
of the FAQ at:

https://github.com/rjhansen/gpgfaq/blob/master/gpgfaq.xml

Excerpting from it:

Q: How large should my key be?

A: The overwhelming majority of users will be well-served by generating
2048-bit RSA keys. This is the default behavior for GnuPG.

Although we appreciate your patch for the FAQ, it would probably be
better to submit a patch against the in-development FAQ as opposed to
the old one, which is no longer being maintained. :)