From the FAQ distributed with 1.0.1:
"
Q: What is the recommended key size?
A: 1024 bit for DSA signatures; even for plain ElGamal
signatures this is sufficient as the size of the hash
is probably the weakest link if the keysize is larger
than 1024 bits. Encryption keys may have greater sizes,
but you should than check the fingerprint of this key:
"gpg --fingerprint --fingerprint <user ID>".
"
From Lenstra/Verheul: 160-bit hash roughly equiv to 1513-bit ElGamal / RSA
key. Also don't forget that breaking the hash allows one message to be
forged whereas a break of ElGamal allows any number of messages to be forged
/ read so there can be a fair argument for making the asymmetric cipher
significantly stronger than the hash function.
I've started looking at the documentation that comes with GnuPG
(\gnupg-1.0.1\doc), the "--list-keys --with-colons" option is cool - this
could option could do with being listed on gpg --help though? How many
other functions have command line options that aren't documented in --help
is there a list somewhere (apart from the source code ;).
Regards,
Sam Simpson
Communications Analyst
-- http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
"
Q: What is the recommended key size?
A: 1024 bit for DSA signatures; even for plain ElGamal
signatures this is sufficient as the size of the hash
is probably the weakest link if the keysize is larger
than 1024 bits. Encryption keys may have greater sizes,
but you should than check the fingerprint of this key:
"gpg --fingerprint --fingerprint <user ID>".
"
From Lenstra/Verheul: 160-bit hash roughly equiv to 1513-bit ElGamal / RSA
key. Also don't forget that breaking the hash allows one message to be
forged whereas a break of ElGamal allows any number of messages to be forged
/ read so there can be a fair argument for making the asymmetric cipher
significantly stronger than the hash function.
I've started looking at the documentation that comes with GnuPG
(\gnupg-1.0.1\doc), the "--list-keys --with-colons" option is cool - this
could option could do with being listed on gpg --help though? How many
other functions have command line options that aren't documented in --help
is there a list somewhere (apart from the source code ;).
Regards,
Sam Simpson
Communications Analyst
-- http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.