[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-users
Subject:    Re: Second OpenPGP-card
From:       Jacob Bachmeyer via Gnupg-users <gnupg-users () gnupg ! org>
Date:       2024-02-28 23:40:07
Message-ID: 65DFC457.6030903 () gmail ! com
[Download RAW message or body]

Werner Koch wrote:
> On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
>   
> [...]
>> logarithm problem and /vice versa/.  Accordingly, RSA1024 is now
>> considered sufficiently dubious that some implementations no longer
>> support it, such as the go-crypto/openpgp library used by the newer
>>     
>
> Which is a Bad Idea because it is up to the user or their implementation
> to decide which keys are trustworthy.  Being able to revoke rsa1024 keys
> is a useful feature.  Although MD5 (PGP2) can be considered as fully
> broken, rsa1024 is not in general broken.
>   

Agreed; I was not endorsing that position, but I see that I should have 
said "apparently considered" to make that a bit more clear.  I trust 
that GPG will continue to support the shorter RSA keys for the 
foreseeable future.

> But ist is pretty fashionable to use an easy to exploit OS (e.g. not
> using the latest Linux kernel) and musing about RSA key strength.  Keep
> Shamir's law in mind.

Or even Windows, which remains disturbingly common in applications that 
probably need far less attack surface, like industrial control 
systems...  (Is the stupidity of management a main driver of Shamir's law?)


-- Jacob


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic