
BLU Discuss list archive



OpenSSL certificates and key sizes



>> On Fri, 14 Apr 2006 15:29:34 -0400, John Abreau <jabr at blu.org> said:

   > Are there any problems with making the keys, particularly the CA
   > key, something like 4096 bits long?  How about 8192 bits long?

Either is fine, but I personally find 8192 bits a little distasteful;
most CA keys are 4096 bits long, and have an expiry of around fifteen
years.  

4096-bit keys have been conjectured "safe", against the best-known 
algorithms, for 45 years[1].  So, it makes sense to take that, plan 
for dramatic but conventional advances (since you can't plan for 
unconventional ones) and set an expiry of a decade or two.  I think
it makes less sense to go with an 8192-bit key and be attempting to 
plan hundreds of years into the future.

(But IANACryptographer.)

Footnotes:
 [1]:  <http://www.win.tue.nl/~klenstra/key.pdf>, p.32.

-- 
Chris Ball   <cjb at mrao.cam.ac.uk>    <http://blog.printf.net/>
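
An added example, not part of the original message: a shell sketch that creates a self-signed test CA with the 4096-bit key and roughly fifteen-year expiry discussed above, then reads both values back from the certificate and checks them against a "decade or two" window. The function names, file names, subject CN and the `RUN_DEMO` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); names and paths are assumptions.

# make_ca DIR BITS DAYS: create a self-signed test CA (ca.key, ca.crt) in DIR.
make_ca() {
    dir=$1 bits=$2 days=$3
    mkdir -p "$dir" || return 1
    (
        umask 077   # private key readable by its owner only
        # -nodes leaves the key unencrypted so this demo is non-interactive;
        # drop it for a real CA so the key is passphrase-protected.
        openssl req -x509 -newkey "rsa:$bits" -sha256 -nodes \
            -days "$days" -subj "/CN=Constructed Test CA" \
            -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    )
}

# cert_key_bits CERT: print the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_valid_for_days CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_ca_policy CERT BITS MIN_DAYS MAX_DAYS: print "ok" when the key has
# exactly BITS bits and the certificate expires between MIN_DAYS and MAX_DAYS
# from now; otherwise print the reason and return 1.
check_ca_policy() {
    [ "$(cert_key_bits "$1")" -eq "$2" ] || { echo "key size mismatch"; return 1; }
    cert_valid_for_days "$1" "$3" || { echo "expires too soon"; return 1; }
    if cert_valid_for_days "$1" "$4"; then echo "validity too long"; return 1; fi
    echo "ok"
}

# Demo: 5475 days is about fifteen years; the window is ten to twenty years.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    make_ca ./demo-ca 4096 5475 &&
        check_ca_policy ./demo-ca/ca.crt 4096 3650 7300
fi
```

Run with `RUN_DEMO=1` to generate the demo CA in `./demo-ca`; sourcing the file only defines the functions.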




