In late October 2025, Torzon Market's communication system was updated to enforce a minimum key size of 4096-bit RSA for all PGP-encrypted messages. The previous minimum was 2048-bit — a standard that, while not practically broken, has been deprecated by NIST and major cryptographic standards bodies.
Technical Rationale
2048-bit RSA keys are currently considered computationally secure against known attack methods. However, the National Institute of Standards and Technology (NIST) deprecated 2048-bit RSA in 2015 and recommends 3072-bit or higher for new key generation. The platform's update to 4096-bit minimum aligns with best-practice guidance and provides a larger security margin against potential advances in cryptanalysis.
Downgrade Attack Vector
The previous system accepted keys of any size above 1024-bit, which in theory allowed a malicious actor to attempt to negotiate a weaker key exchange. The new enforcement at the application layer eliminates this vector by rejecting any key submission or encrypted message using a smaller key.
Migration Period
Users with existing 2048-bit keys received 30 days notice before enforcement began. The platform provided migration guides for all major GPG client implementations. Legacy keys were flagged in the UI with a deprecation warning prior to the hard enforcement cutoff.