[Cryptography-dev] RSA key generation -- minimum key size?
Jarret Raim
jarret.raim at RACKSPACE.COM
Tue Feb 11 16:56:25 CET 2014
+1 on enforcing >= 1024
--
Jarret Raim
@jarretraim
From: Terry Chia <terrycwk1994 at gmail.com>
Reply-To: "cryptography-dev at python.org" <cryptography-dev at python.org>
Date: Tuesday, February 11, 2014 at 9:42 AM
To: "cryptography-dev at python.org" <cryptography-dev at python.org>
Subject: Re: [Cryptography-dev] RSA key generation -- minimum key size?
+1 on enforcing >=1024 bits. There is no sane reason to use smaller keys
really.
On Tuesday, February 11, 2014, Alex Gaynor <alex.gaynor at gmail.com> wrote:
> Hey all,
>
> The last major issue blocking landing RSA key generation is a discussion over
> whether or not to enforce a minimum key size for newly generated keys.
>
> I am advocating for requiring that key_size be >= 1024. Here is why:
>
> * Smaller keys are factorable (768 is known to be factored publicly, it's
> extremely likely even larger is factorable by nation states); there is
> basically no reason to use these keys.
> * PyCrypto enforces a 1024 minimum, which means there is no difficulty in
> porting applications; as there would be if we used a larger minimum
> * Loosening the check in the future is much easier, from a backwards
> compatibility perspective, then tightening it.
>
> Thus, 1024 seems like a reasonable balance of these concerns.
>
> How do other people feel?
> Alex
>
> --
> "I disapprove of what you say, but I will defend to the death your right to
> say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
> "The people's good is the highest law." -- Cicero
> GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140211/a160c094/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5611 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140211/a160c094/attachment-0001.bin>
More information about the Cryptography-dev
mailing list