[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Second OpenPGP-card
From: Jacob Bachmeyer via Gnupg-users <gnupg-users () gnupg ! org>
Date: 2024-02-28 23:40:07
Message-ID: 65DFC457.6030903 () gmail ! com
[Download RAW message or body]
Werner Koch wrote:
> On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
>
> [...]
>> logarithm problem and /vice versa/. Accordingly, RSA1024 is now
>> considered sufficiently dubious that some implementations no longer
>> support it, such as the go-crypto/openpgp library used by the newer
>>
>
> Which is a Bad Idea because it is up to the user or their implementation
> to decide which keys are trustworthy. Being able to revoke rsa1024 keys
> is a useful feature. Although MD5 (PGP2) can be considered as fully
> broken, rsa1024 is not in general broken.
>
Agreed; I was not endorsing that position, but I see that I should have
said "apparently considered" to make that a bit more clear. I trust
that GPG will continue to support the shorter RSA keys for the
foreseeable future.
> But ist is pretty fashionable to use an easy to exploit OS (e.g. not
> using the latest Linux kernel) and musing about RSA key strength. Keep
> Shamir's law in mind.
Or even Windows, which remains disturbingly common in applications that
probably need far less attack surface, like industrial control
systems... (Is the stupidity of management a main driver of Shamir's law?)
-- Jacob
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic