[LCA2015-Chat] keysigning party

Aníbal Monsalve Salazar anibal at debian.org
Thu Dec 18 20:49:10 EST 2014


On Thu, 2014-12-18 10:56:49 +1100, Sharif Olorin wrote:
> Excerpts from Aníbal Monsalve Salazar's message of 2014-12-17 21:36:25 +1100:
>> May I suggest to include *only* 4K (or larger) RSA keys for the LCA2015
>> keysigning party?
> 
> Why is this? I wasn't aware of any RSA break which would render 2048-bit
> keys any less secure than 4096-bit keys for the foreseeable future (brute
> force is still ludicrously out of reach). I don't think there's a reason
> to exclude people with well-established 2048-bit keys just yet.

The difference is ~10 years less protection for a 2048-bit key compared
with a 4096-bit key.

A 2048-bit key will give you protection for ~20 years and a 4096-bit
key ~30 years (assuming the attacker doesn't have access to quantum
computers) according to the ECRYPT II Yearly Report on Algorithms and
Keysizes (2011-2012).

European Network of Excellence in Cryptology II
ECRYPT II Yearly Report on Algorithms and Keysizes (2011-2012)
Chapter 7, Recommended key sizes
http://www.ecrypt.eu.org/documents/D.SPA.20.pdf

In Debian the recommended primary key length is 4096 bits. 2048-bit keys
are still accepted only because of the limitation of the OpenPGP smart
cards.