Debian encouraging use of 4096 bit RSA keys
Henrique de Moraes Holschuh
hmh at debian.org
Tue Sep 14 11:01:22 EDT 2010
On Tue, 14 Sep 2010, Perry E. Metzger wrote:
> The decision that 1024 bit keys are inadequate for code signing is
> likely reasonable. The idea that 2048 bits and not something between
> 1024 bits and 2048 bits is a reasonable minimum is perhaps arguable.
> One wonders what security model indicated 4096 bits is the ideal
> length....

Key lifetime in Debian can be very long, 10 to 15 years.

I'd appreciate some input from this list about the Debian bias towards 4096
RSA main keys, instead of DSA2 (3072-bit) keys. Is it justified?

These keys are used as KSK, as gpg will happily attach subkeys to them
for the grunt work...

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com