Mailing List Archive

32768-bit key
Dear sirs and ladies.

I've compiled GnuPG as per instructions on your home page. Thank you.

The max size of my key is 16384-bits.

How do I up the limit of the RSA-key to 32768?

The TailsOS team has a key that's way over 16384-bit.

Thank you.

Best regards

xyz938
Re: 32768-bit key
> How do I up the limit of the RSA-key to 32768?

First, come up with a reason why you need one.

A 2048-bit key is hypothesized to possess about 112 bits of entropy; a
3072-bit key, about 128; a 16k-bit, about 256. You very rapidly reach a
point of dramatically diminishing returns. A 32k key gives you
essentially nothing in terms of resistance to cryptanalysis, while
making it impossible for the rest of the OpenPGP ecosystem to work with
you because your public certificate is so unreasonably large.

> The TailsOS team has a key that's way over 16384-bit.

I suggest filing a bug report with them and asking them why they ignore
the best practices of cryptography.
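
Added example, not part of the original thread: the diminishing returns described in the reply above, reproduced with the general number field sieve (GNFS) cost estimate in the form used by NIST's FIPS 140-2 Implementation Guidance. The 256-bit ceiling (the largest symmetric session key OpenPGP offers) and all function names are assumptions of this example, and the figures are estimates.

```python
import math

# Assumption: an OpenPGP message is encrypted with a symmetric session key of
# at most 256 bits (e.g. AES-256), so RSA strength beyond that is never used.
MAX_SESSION_KEY_BITS = 256


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus (GNFS cost)."""
    ln_n = modulus_bits * math.log(2)            # ln(n) for a modulus of this size
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)                    # convert natural log to bits


def effective_strength_bits(modulus_bits: int) -> float:
    """Strength actually available once the session key is the weakest link."""
    return min(rsa_strength_bits(modulus_bits), MAX_SESSION_KEY_BITS)


def signature_bytes(modulus_bits: int) -> int:
    """An RSA signature is as long as the modulus."""
    return (modulus_bits + 7) // 8


def compare(sizes=(2048, 3072, 4096, 8192, 16384, 32768)):
    """Return (modulus bits, estimate, effective strength, signature bytes)."""
    return [(b, round(rsa_strength_bits(b), 1),
             round(effective_strength_bits(b), 1), signature_bytes(b))
            for b in sizes]


if __name__ == "__main__":
    print(f"{'modulus':>8} {'estimate':>9} {'effective':>10} {'sig bytes':>10}")
    for bits, est, eff, sig in compare():
        print(f"{bits:>8} {est:>9} {eff:>10} {sig:>10}")
```

Going from a 16384-bit to a 32768-bit modulus doubles every signature to 4096 bytes while the effective strength stays at the 256-bit ceiling.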
Re: 32768-bit key
Robert J. Hansen via Gnupg-users wrote:
>> The TailsOS team has a key that's way over 16384-bit.
>
> I suggest filing a bug report with them and asking them why they ignore the
> best practices of cryptography.

I don't know that there's anything to file a bug about. I
don't see any non-rsa4096 keys on the Tails website:

https://tails.net/doc/about/openpgp_keys/

--
Todd
Re: 32768-bit key
> I don't know that there's anything to file a bug about. I
> don't see any non-rsa4096 keys on the Tails website:

One of their certificates has a Curve-25519 subkey. I wonder if that's
what the original poster saw, and mistook it for being a 25,519-bit
subkey.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 32768-bit key
Robert J. Hansen via Gnupg-users wrote:
>> I don't know that there's anything to file a bug about. I
>> don't see any non-rsa4096 keys on the Tails website:
>
> One of their certificates has a Curve-25519 subkey. I wonder if that's what
> the original poster saw, and mistook it for being a 25,519-bit subkey.

Ahh, that's a very good guess. I missed that sub key while I
was skimming the list of keys.

--
Todd
Re: Re: 32768-bit key
> On Monday, 10. July 2023 1:08, Robert J. Hansen via Gnupg-users wrote:
>
>
>
> > How do I up the limit of the RSA-key to 32768?
>
> First, come up with a reason why you need one.
>
> A 2048-bit key is hypothesized to possess about 112 bits of entropy; a
> 3072-bit key, about 128; a 16k-bit, about 256. You very rapidly reach a point
> of dramatically diminishing returns. A 32k key gives you essentially nothing
> in terms of resistance to cryptanalysis, while making it impossible for the
> rest of the OpenPGP ecosystem to work with you because your public certificate
> is so unreasonably large.
>
> > The TailsOS team has a key that's way over 16384-bit.
>
> I suggest filing a bug report with them and asking them why they ignore the
> best practices of cryptography.
Re: 32768-bit key
I will not answer encrypted messages posted to the list. This is a
public mailing list. Signatures are fine, but encrypted
person-to-person messages are not.

Also, please do not send HTML email to the list. Many of the people you
hope will read your email refuse to read HTML email.
Re: Re: 32768-bit key
My name is Snowden. And I cannot send a decrypted version of the mail.



> On Sunday, 27. August 2023 2:28, Robert J. Hansen via Gnupg-users wrote:
>
>
>
> I will not answer encrypted messages posted to the list. This is a public
> mailing list. Signatures are fine, but encrypted person-to-person messages are
> not.
>
> Also, please do not send HTML email to the list. Many of the people you hope
> will read your email refuse to read HTML email.
Re: 32768-bit key
> My name is Snowden.

I don't care.

> And I cannot send a decrypted version of the mail.

Then please learn how to do so.

To recap:

1. There is no point in a 32kbit RSA key.
2. For that reason, GnuPG doesn't allow you to generate one.
3. I will not help you do something that has no point.
4. Do not send encrypted messages to the mailing list.
5. Do not send HTML messages to the mailing list.

I hope I am being clear. If you have further questions that are not
completely answered above, we look forward to hearing them.