On Sun, 18 Sep 2005 14:52:45 +0100, Ian G said:
How about because generating 2048 bit primes already takes long
enough, and 3072 takes ages?
Numbers?
A quick test shows about 4 seconds for 2048 bit and 21 seconds for
3072. However this includes the time required to gather enough
randomness; further tests took much longer very likely due to a lack
of entropy in the machine. Most applications don't need to generate
keys very often, thus this should not be a problem.

OTOH, verification is used very often. Here are numbers from
Libgcrypt:

  DSA 100 times     sign    verify
  --------------------------------
  DSA 1024/160     910ms     430ms
  DSA 2048/224    1560ms    1890ms
  DSA 3072/256    3610ms    4380ms

(The numbers for sign are not very reliable because it employs the
RNG and I could not adjust for it)

3072 takes more than double the time of 2048 which is not too
bad. Compared to 1024 this is a real slowdown and would make key
signature verification a very time consuming operation. On slow
machines (embedded devices, older hardware) this would be very
annoying.
Shalom-Salam,
Werner