lfit / itpol

Useful IT policies


default bit size for master key

henrich opened this issue · comments

Generate a 4096-bit RSA master key (ESSENTIAL)

But there's no reason given for why we should choose a 4096-bit key in this guide, instead of the default 2048/3072-bit key.

You're right -- the reasons are mostly social and not technical. We have many respected cryptographers on the record stating that 2048-bit keys cannot be defeated without weakening RSA itself -- in which case 4096-bit keys will not offer much additional resistance. However, master keys happen to be the most visible ones on the keyservers and some of the developers you interact with will judge how good and paranoid you are based purely on the size of your key. Having a 4096-bit master key shuts them up. :)

I'll see if I can add this explanation into the guide.
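A policy check for the "4096-bit RSA master key" requirement discussed in this issue, added here as an example and not code from the issue or from the itpol guide. It parses gpg's machine-readable `--list-keys --with-colons` format; the listing embedded below is constructed for the example, not a real keyring.

```python
"""Audit PGP primary (master) keys against a minimum RSA key size.

Input is the output of `gpg --list-keys --with-colons`; only `pub` and `uid`
records are used. Constructed sample data, not a real keyring.
"""
from __future__ import annotations
from dataclasses import dataclass

# Constructed listing: a 4096-bit RSA master key and a 2048-bit RSA master key.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1700000000:0:::u:::cC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1700000000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Alice Example <alice@example.org>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1700000000:0:::::s::::::23:
pub:u:2048:1:1111222233334444:1600000000:0:::u:::scESC::::::23::0:
uid:u::::1600000000::1234567890ABCDEF1234567890ABCDEF12345678::Bob Example <bob@example.org>::::::::::0:
"""

RSA_ALGOS = {"1", "2", "3"}  # OpenPGP public-key algorithm ids for RSA variants


@dataclass
class MasterKey:
    keyid: str
    bits: int
    algo: str
    uid: str = ""


def parse_master_keys(listing: str) -> list[MasterKey]:
    """Collect one MasterKey per `pub` record; subkeys (`sub`) are ignored."""
    keys: list[MasterKey] = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # colon fields: 3 = key length, 4 = algorithm id, 5 = key id
            keys.append(MasterKey(keyid=f[4], bits=int(f[2]), algo=f[3]))
        elif f[0] == "uid" and keys and not keys[-1].uid:
            keys[-1].uid = f[9]  # first uid after a pub record names that key
    return keys


def check_policy(keys: list[MasterKey], min_rsa_bits: int = 4096) -> list[tuple[str, str]]:
    """Return (keyid, reason) for every RSA master key below the policy size."""
    return [
        (k.keyid, f"RSA master key is {k.bits}-bit, policy requires {min_rsa_bits}")
        for k in keys
        if k.algo in RSA_ALGOS and k.bits < min_rsa_bits
    ]


if __name__ == "__main__":
    for keyid, reason in check_policy(parse_master_keys(SAMPLE_LISTING)):
        print(f"{keyid}: {reason}")
```

Pipe a live listing in with `gpg --list-keys --with-colons | python3 audit.py` after replacing `SAMPLE_LISTING` with `sys.stdin.read()`.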