[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RSA key sizes
On 08/25/14 01:05, another wrote:
> so as an online backup for the truly paranoid, I'm kinda missing bigger RSA keys.
> I couldn't find anything on the manpages nor on a quick check of the source.
> Are there plans to implement this?
No.
> Are there specific reasons why it isn't implemented?
On 2048-bit RSA, attacks on implementations (e.g., side channels) are far easier
than mathematical attacks (aka. factoring). Larger RSA sizes make side channel
attacks easier by slowing down the process and reducing the bandwidth required
for measurements.
In my opinion, 2048-bit RSA is the safest key length available, and the modus
operandi for Tarsnap from the start has been "I know crypto, so let me pick the
right tools for you to use".
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid