
Re: Bits from keyring-maint



On Wed, Sep 15, 2010 at 03:14:48PM +0200, Marco d'Itri wrote:
> On Sep 15, Christian PERRIER <bubulle@debian.org> wrote:
> > > I would like to know the process which led to selecting these
> > > figures.
> > Apparently, just like many other things in the project: the folks
> > doing the work (and appointed for this by the project through the
> > DPL) examine the situation, make plans and decisions and then
> > announce them.
> I suppose that this was not the result of cargo cult engineering, so
> if these new recommended key values have been selected as the result
> of a process I am curious to know the rationale which led to the
> choice.  It really looks like a simple question to me.
> 
> I am just asking for a rationale. I would like to know if the new
> recommended key values have been selected as the result of a process,
> and what the rationale is, or if this is cargo cult engineering.

The key driver is moving away from SHA-1 based keys, but as part of the
same process we want to increase key length from 1024 bits. If you're
generating a new key and have no reason not to do so then we're
recommending 4096 bits (as the largest easily generated size with our
current tools). Yes, this is way beyond what anyone is going to be able
to attack, and there are many, many other easier attack vectors people
could use against Debian instead, but we do end up with keys hanging
around for a long time (10+ years in many cases) and we feel it makes
sense to rule out key strength as a problem given the increases in
processing power since we started out with 1024 bits.

We won't refuse 2048 bit keys; whether that be because you're using a
hardware OpenPGP smartcard, or have a slower machine and feel it makes a
big difference, or have just made a reasoned-out decision that this is
sufficient.

J. (wearing a rather fetching keyring-maint hat)

-- 
Web site: http://www.earth.li/~noodles/
[ 101 things you can't have too much of : 29 - T-shirts. ]    Made by HuggieTag 0.0.24
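Added example, not part of the thread and not keyring-maint's own tooling: a small audit script that applies the guidance above (4096-bit recommended for new keys, 2048-bit accepted, 1024-bit keys from the SHA-1 era to be replaced) to the machine-readable output of `gpg --list-keys --with-colons`. The field layout used (field 3 key length, field 4 algorithm ID, field 5 key ID, as documented in GnuPG's doc/DETAILS) is real; the key IDs, dates and user ID in `SAMPLE_LISTING` are constructed for this example.

```python
"""Audit primary OpenPGP keys against the keyring-maint guidance (added example)."""

from dataclasses import dataclass

# OpenPGP public-key algorithm IDs (RFC 4880, section 9.1).
ALGO_NAMES = {1: "RSA", 16: "Elgamal", 17: "DSA"}

RECOMMENDED_BITS = 4096   # what the thread recommends for newly generated keys
MINIMUM_BITS = 2048       # accepted, e.g. smartcards or a reasoned-out choice

# Constructed sample of `gpg --list-keys --with-colons` output: three primary
# keys, one of them a 1024-bit DSA key from the old default, with one subkey each.
SAMPLE_LISTING = """\
pub:u:1024:17:0123456789ABCDEF:2001-03-04::-:::scESC:
uid:u::::2001-03-04::0000:Example Developer <dev@example.org>:
sub:u:2048:16:FEDCBA9876543210:2001-03-04::::::e:
pub:u:2048:1:1111222233334444:2009-06-01::-:::scESC:
sub:u:2048:1:5555666677778888:2009-06-01::::::e:
pub:u:4096:1:AAAABBBBCCCCDDDD:2010-09-15::-:::scESC:
"""


@dataclass
class PrimaryKey:
    keyid: str
    bits: int
    algo: int


def parse_colon_listing(text):
    """Return the primary keys ('pub' records) found in a --with-colons listing.

    Subkeys ('sub') and user IDs ('uid') are skipped: the thread's guidance is
    about the primary key that carries a developer's certifications.
    """
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] != "pub":
            continue
        keys.append(PrimaryKey(keyid=fields[4], bits=int(fields[2]), algo=int(fields[3])))
    return keys


def assess(key):
    """Map one primary key to (verdict, reason) following the thread's rules."""
    name = ALGO_NAMES.get(key.algo, f"algo {key.algo}")
    if key.algo == 17 and key.bits <= 1024:
        # A 1024-bit DSA key is limited to a 160-bit hash, in practice SHA-1:
        # exactly the "SHA-1 based key" the migration is moving away from.
        return "replace", f"{key.bits}-bit {name} is tied to SHA-1"
    if key.bits < MINIMUM_BITS:
        return "replace", f"{key.bits}-bit {name} is below {MINIMUM_BITS} bits"
    if key.bits < RECOMMENDED_BITS:
        return "accept", f"{key.bits}-bit {name} accepted; {RECOMMENDED_BITS} recommended for new keys"
    return "ok", f"{key.bits}-bit {name} meets the recommendation"


def audit(text):
    """Return {keyid: verdict} for every primary key in the listing."""
    return {k.keyid: assess(k)[0] for k in parse_colon_listing(text)}


if __name__ == "__main__":
    for key in parse_colon_listing(SAMPLE_LISTING):
        verdict, reason = assess(key)
        print(f"{key.keyid}: {verdict:8s} {reason}")
```

Run it against a real keyring with `gpg --list-keys --with-colons | python3 audit.py` after replacing `SAMPLE_LISTING` with `sys.stdin.read()`; the script reports only on primary keys, since a weak encryption subkey can be rotated without touching the certifications attached to the primary key.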
