Hello, I would like to increase the key size generation to 16384 what file has to be modified to be able to do it? or how to cross-compile gpg2 using mingw?
Thank you
Why on earth would you want to generate a 16384-bit RSA key? The current consensus amongst cryptographers (and recommendation by NIST) is that RSA-2048 is good at least to the year 2030, unless there is a major breakthrough in the mathematics of factorisation. For symmetric encryption, using AES, 128 bits are easily sufficient. Brute-forcing AES-256 would take millions of years.
A better use of your time would be thinking up really good passphrases with plenty of entropy, since the strength of a key against dictionary and other chosen-ciphertext attacks depends on them.
If you want to prevent anyone reading your e-mail traffic, RSA-2048 / AES-128 is more than good enough. You need to be more worried about what happens at either end of your communications - do you destroy your e-mail copies once sent, or make sure they stay encrypted? Does the recipient do this? Do the encryption keys stay in memory or on your hard disk? How secure is your computer against an attacker getting into it, and how much would it matter if they did?
Think of the general security model - how likely is it that the NSA, for instance, would want to read your messages? Unless you are a senior military strategist or businessman in China, Iran, Russia, or wherever, the answer is - it wouldn’t be worth their while trying, because even with their computing power they can’t break AES-256 / RSA-2048 by brute-force, as far as anyone can tell. And even if you are, they are more likely to use other methods, like compromising your computer with a Trojan to steal your passwords.
Depending on which country you are in, the authorities might be more interested in who your e-mail traffic goes to, and why it is encrypted, than the contents of the e-mails themselves. And, if they really do want the contents, you may be forced to give up your key anyway. (In the UK and the USA you can go to jail if you refuse). In some countries, if you don’t anonymise your communications and they find you, they will just beat the key out of you (this is known as the rubber-hose method). In these situations the key length becomes irrelevant.
Have a look at this website: http://www.keylength.com/en/compare/. Don’t worry about keylengths, read Bruce Schneier’s books on security and encryption, including “Applied Cryptography” and “Cryptography Engineering”.
Hi loko : while I agree with what JM Ward says in his response, if you want to try to generate a longer key, there is quite a bit of applicable info in a recent thread in this forum.
Look back at “8192 or bigger keys” from September.
Thanks for the replies. I sae that link before writing my question. It would be nice to generate big keys without using the batch feature. I can see from the source that there is no keygen.c so I dont know what file to modify to apply what i want.
Any other solution besides what is written already would be appreciate.
Thank you
Regards