[Gllug] GPG key expiry

James Hollingshead james at hollo.org
Wed Jul 3 13:44:26 UTC 2002

On Wed, Jul 03, 2002 at 01:48:20PM +0100, tet at accucard.com wrote:
> Future advances in factoring (if they ever happen) will involve a
> non-brute force technique. Increasing key length won't help with
> that at all. What it will help with is protecting you against future
> advances in computing power. It will make it harder to brute force,
> but to be honest, 1024 bits is almost certainly secure for the
> forseeable future.

The important question here is how long you need stuff you encrypt to
remain secret for. If foreseeable future means 30 years then that is
fine for credit card details or business plans, but there might be
some data that needs to stay secret for longer (eg. medical records).

For brute force searches if you assume Moore's law you need an extra
bit for every extra 18 months you want stuff to stay secret for. I
don't know how the most recent factoring algorithms scale with key
size though.


Gllug mailing list  -  Gllug at linux.co.uk

More information about the GLLUG mailing list