
Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)



On 5. 3. 2014, at 5:54, peter green <plugwash@p10link.net> wrote:


>> I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
>> it be possible to skip the RSA and go directly for ECDSA, before we
>> start deprecating DSA? Or at least have an option to do so? (Well,
>> unless GnuPG 2.1 release is too far in the future.)
>
> IMO we need to phase out 1024 bit RSA/DSA keys as soon as reasonably practical.  Even if gnupg 2.1 was released tomorrow we would still have the problem of Debian stable releases and other distros carrying older versions.

You have convinced me :). Even though the attack surface is lowered by the fact that you would (probably) notice the malicious upload with your compromised key. But the reputation harm would still be there.

> Also ECDSA shares with DSA the serious disadvantage over RSA that making signatures on a system with a broken RNG can reveal the key.

Care to share a source? I thought that RSA would be vulnerable to poor RNG as well.

O.
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

