[genr8]

4096 _does_ take a lot of extra CPU resources, and it _is_ diminishing returns. But anyone who prioritizes this above all else is arguing either from a vantage point of distributed scaling across servers that cost money to handle millions of extra cycles per key times millions of keys, or from a place of defending the status quo just for the sake of defending their past choices, which I hate. Their motives for defending it have to be questioned. The page says you gain very little, because by this point we are moving away from RSA to elliptic curves, from which you gain A LOT. Section 11.5 states: "If you need more security than RSA-2048 offers, the way to go would be to switch to elliptical curve cryptography — not to continue using RSA." This is the entire point of this HN Thread. A lot of smartcard and hardware vendors have a vested interest in the status quo 2048-bit RSA because they are stingy with embedded CPU resources or monetary resources in the cost of switching algos. And theres specifically an issue with GNUPG and Elliptic Curves and license compatibility https://www.yubico.com/blog/big-debate-2048-4096-yubicos-sta... If you are an end-user with personal keys only, and fast computers, switching to a 3072 or 4096 bit key is a no brainer. The largest overhead of additional CPU cycles is only consumed on generation, not on verification. Interoperability is nearly always ensured, and you gain some 16% percent security (which is NOT "almost nothing"). Beyond that, you should switch to Ed25519 (which uses less CPU resources anyway). Continuing to argue this point is beyond the scope of this discussion. You can research yourself why RSA-2048 is being deprecated, and everyone who can switch is switching Ed25519. Or maybe the OP will write another blog post better than I can, since nobody listens to me anyway. The point was to get you to switch away from RSA, not continue using it with 4096.