| 1 |
On Wed, Feb 20, 2013 at 01:41:03PM -0500, James Cloos wrote: |
| 2 |
> >>>>> "RHJ" == Robin H Johnson <robbat2@g.o> writes: |
| 3 |
> |
| 4 |
> RHJ> 2. Root key type of RSA, 4096 bits |
| 5 |
> rsa 4k provides no real benefits over rsa 3k here; it is just slower |
| 6 |
> for everyone, signing or verifying. |
| 7 |
You can shorten the subkeys, but the root key should ONLY be used for |
| 8 |
certifications & key operations, not signing of external objects. |
| 9 |
|
| 10 |
The subkeys should be used for the external objects, and that's where |
| 11 |
you'd shorten if you really wanted. However, I'd suggest you not bother. |
| 12 |
|
| 13 |
> Cf, eg, http://www.nsa.gov/business/programs/elliptic_curve.shtml which |
| 14 |
> recommends rsa 3k for use with aes128/sha256, rsa 7k for aes192/sha384 |
| 15 |
> and rsa 15k for aes256/sha512. |
| 16 |
> |
| 17 |
> If 3k provides comparable security to aes128 and sha256, and one needs |
| 18 |
> to more than double the rsa key length to compare with aes192 and sha384, |
| 19 |
> there is no reason to bother with rsa 4k. |
| 20 |
Speed for i7-2600K CPU: |
| 21 |
DSA1024 0.007980s |
| 22 |
DSA2048 0.011940s |
| 23 |
DSA3072 0.013530s |
| 24 |
RSA1024 0.007000s |
| 25 |
RSA2048 0.012290s |
| 26 |
RSA3072 0.018420s |
| 27 |
RSA4096 0.030800s |
| 28 |
|
| 29 |
30ms is still an acceptable signing time - not noticeably different than |
| 30 |
RSA2048/RSA3072. |
| 31 |
|
| 32 |
Better question to all of this, is there somebody with a PGP smartcard that can |
| 33 |
do the same tests? I'll provide some scripts for the testcase itself, but |
| 34 |
you'll have to see about generating a bunch of keys on the smartcard, which |
| 35 |
might be problematic. |
| 36 |
|
| 37 |
-- |
| 38 |
Robin Hugh Johnson |
| 39 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 40 |
E-Mail : robbat2@g.o |
| 41 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
Archives