In a previous blog post I talked about RSA key length and argued why a 2048-bit key is still a viable choice today.
However, here at Yubico we do not like to remain idle, twiddling our thumbs. We are constantly improving our products. As a result of these efforts, earlier this month, we launched the YubiKey 4. This 4th generation YubiKey sports several improvements and new functionality, including a more powerful secure element. One notable addition is that YubiKey 4 now supports RSA keys up to 4096 bits!
While cryptography is in transition (more on that later), I believe that today’s YubiKey 4 is an even more powerful tool, giving users the possibility of generating and importing longer OpenPGP keys for decryption, signature, and authentication. You can even load your master key onto a separate YubiKey 4 and use that to sign other people’s keys, without having to take your air-gapped computer out of storage.
Plus, with the addition of “touch-to-sign” providing an extra layer of security, the next attacker model will have to include biochips that can grow a finger and touch your YubiKey.
The new RSA 4096 support comes at a very interesting time. Until recently, the NSA has been promoting the so-called Suite B Cryptography, a collection of cryptographic algorithms recommended to protect classified information up to the Top Secret level. What is interesting about Suite B is that RSA is not included, and Elliptic Curve Cryptography (ECC) is instead preferred. However, in August, the NSA had a sudden change of heart and published an article in which it stated that we should start to get ready for quantum computers and begin using quantum-resistant algorithms, effectively moving away from ECC.
There is going to be a transition phase before we get there, but the adoption of Suite B is discouraged from now on. One of the algorithms suggested for key establishment and digital signatures in this transition phase is, surprise surprise, RSA with a 3072-bit key. Why the NSA has decided to move in this direction is open to debate (and speculation), especially considering that there is, more or less, general consensus that practical quantum computers are still a couple of decades away. I will refrain from opening that can of worms and only point out that an interesting discussion on this decision can be found in this paper.
Cryptography is a complicated topic, from both a technical and a practical standpoint. Analyzing and proving the security properties of different schemes and algorithms takes a long time (if it is possible at all). Adoption and deployment are also time-consuming. This is highlighted by the fact that even giant organizations, like the NSA, change their minds as time goes by.
Our creed here at Yubico is to try to keep up to speed with the technology involved in these changes, providing our users with as many tools as possible so that they can make whichever choice they believe to be better for their specific use case.
To put it in a different way, we will give your Swiss Army knife as many blades as we can — which ones you choose and how you use them is up to you!