问题
What are good keylength for El-Gamal?
回答1:
This is really an open-ended question and it depends on what platform you want to use, your performance constraints, who your enemies are et.c.
The outdated GnuPG faq sums this up nicely on length of ElGamal keys - notice that GPG currently creates 2048 bit ElGamal keys by default.
[...] After all, if the key is large enough to resist a brute-force attack, an eavesdropper will merely switch to some other method for obtaining your plaintext data. Examples of other methods include robbing your home or office and mugging you. 1024 bits is thus the recommended key size. If you genuinely need a larger key size then you probably already know this and should be consulting an expert in data security.
xkcd #538 is also of relevance here. :-)
回答2:
I suggest to have a look at this document from Ecrypt. It lists the the different key lengths in dependency of the required security level. http://www.ecrypt.eu.org/documents/D.SPA.13.pdf
There is also a short summary and key length suggestions from other organizations at http://www.keylength.com/en/3/
来源:https://stackoverflow.com/questions/5960621/what-are-good-and-safe-keylength-for-el-gamal