
increase the default RSA key size to 3072 bits
OpenSSH 8.0 was released yesterday, one change being:

> * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
> following NIST Special Publication 800-57's guidance for a
> 128-bit equivalent symmetric security level.

This points to
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66

GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and
Debian-based distros) ship with 3072 as default.

I would be in favor of following OpenSSH and increasing the default RSA
key size to 3072 bits.

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.
Re: increase the default RSA key size to 3072 bits
On Thursday, 18 April 2019, 09:21:48 CEST, ilf wrote:

Hi,
>
> This points to
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66
>
> GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and
> Debian-based distros) ship with 3072 as default.
>
> I would be in favor of following OpenSSH and increasing the default RSA
> key size to 3072 bits.

Just FYI: 4096 will be allowed very soon.

Ciao
Stephan



_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: increase the default RSA key size to 3072 bits
Stephan Mueller:
> Just FYI: 4096 will be allowed very soon.

What do you mean? Who will "allow" 4096?
Both OpenSSH and GnuPG already allow creating 4096 RSA keys. The
question is about the default value.

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.
Re: increase the default RSA key size to 3072 bits
On Thursday, 18 April 2019, 10:12:44 CEST, ilf wrote:

> Stephan Mueller:
> > Just FYI: 4096 will be allowed very soon.
>
> What do you mean? Who will "allow" 4096?

NIST plans to allow it with a new FIPS 140-2 IG.

> Both OpenSSH and GnuPG already allow creating 4096 RSA keys. The
> question is about the default value.

I am just airing that for consideration of what the default may be.

Ciao
Stephan



Re: increase the default RSA key size to 3072 bits
On Thu 2019-04-18 09:21:48 +0200, ilf wrote:
> OpenSSH 8.0 was released yesterday, one change being:
>
>> * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
>> following NIST Special Publication 800-57's guidance for a
>> 128-bit equivalent symmetric security level.
>
> This points to
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66
>
> GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and
> Debian-based distros) ship with 3072 as default.
>
> I would be in favor of following OpenSSH and increasing the default RSA
> key size to 3072 bits.

GnuPG master already defaults RSA keys to 3072 bits, and debian has been
shipping this as the default in unstable since September 2017 (version
2.2.0-2), and in stable itself since October 2018 (version
2.1.18-8~deb9u3). I've heard no complaints about it.

The modern version of gpgsm has shipped upstream with 3072-bit RSA
defaults since 2.2.14 (2019-03-19).

So the only holdout on 2048-bit RSA is the modern version of gpg
upstream.

I agree that it makes sense to do this on the 2.2 branch.

--dkg
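As an added example (not code from any message in this thread, nor GnuPG's own): a Python check that parses `gpg --list-keys --with-colons` output and flags RSA/DSA/ElGamal keys and subkeys below the 3072-bit default discussed above, using the SP 800-57 Part 1 modulus-to-strength table. The sample listing is constructed inline; running `gpg` itself is left to the caller.

```python
# NIST SP 800-57 Part 1, Table 2: finite-field modulus size -> symmetric strength (bits).
STRENGTH_BY_MODULUS = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
# OpenPGP public-key algorithm ids whose "size" is a modulus (field 4 of a pub/sub record).
FINITE_FIELD_ALGOS = {1: "RSA", 2: "RSA", 3: "RSA", 16: "ELG", 17: "DSA"}
MIN_BITS = 3072  # the OpenSSH 8.0 / GnuPG master default discussed in the thread

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys): a 2048-bit
# RSA key with a 2048-bit encryption subkey, a 3072-bit RSA key, and an Ed25519/Curve25519 key.
SAMPLE_LISTING = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Old Key <old@example.org>::::::::::0:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1500000000::::::e::::::23:
pub:u:3072:1:BBBBBBBBBBBBBBB1:1555570000:::u:::scESC::::::23::0:
sub:u:3072:1:BBBBBBBBBBBBBBB2:1555570000::::::e::::::23:
pub:u:255:22:CCCCCCCCCCCCCCC1:1555570000:::u:::scESC:::::ed25519:::0:
sub:u:256:18:CCCCCCCCCCCCCCC2:1555570000::::::e:::::cv25519::
"""

def symmetric_strength(modulus_bits):
    """Strength per SP 800-57 Table 2: the largest table row the modulus reaches (0 if < 1024)."""
    strength = 0
    for bits, level in STRENGTH_BY_MODULUS:
        if modulus_bits >= bits:
            strength = level
    return strength

def parse_colon_listing(text):
    """Return pub/sub records as dicts; tru/fpr/uid records and malformed lines are skipped."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] not in ("pub", "sub") or not fields[2].isdigit():
            continue
        keys.append({"record": fields[0], "bits": int(fields[2]),
                     "algo": int(fields[3]), "keyid": fields[4]})
    return keys

def weak_keys(text, min_bits=MIN_BITS):
    """Finite-field keys/subkeys below min_bits, as (keyid, algo, bits, strength) tuples."""
    findings = []
    for key in parse_colon_listing(text):
        if key["algo"] in FINITE_FIELD_ALGOS and key["bits"] < min_bits:
            findings.append((key["keyid"], FINITE_FIELD_ALGOS[key["algo"]],
                             key["bits"], symmetric_strength(key["bits"])))
    return findings

if __name__ == "__main__":
    for keyid, algo, bits, strength in weak_keys(SAMPLE_LISTING):
        print(f"{keyid}: {algo}-{bits} (~{strength}-bit security) is below {MIN_BITS} bits")
```

ECC keys are skipped on purpose: their field 3 is a curve size, not a modulus, so the Table 2 mapping does not apply to them.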