[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing < 2048 bit keys from the Debian keyrings



Hi,

On Sonntag, 31. August 2014, peter green wrote:
> My understanding is that the NSA and similar organisations can probablly
> crack 1024 bit keys but the cost of doing so (assuming there hasn't been
> some secret mathematical breakthrough) is likely sufficiently high that
> it would be cheaper to infiltrate debian the old-fasioned way (false
> passports, putting agents through the NM process etc). Is that
> understanding correct?

besides that I dont think the costs are that high anymore (once you've build 
that/these computer/s, you've build it/them...) I also don't see what they 
would gain by activly infiltrating us (except risk of exposure): we work in 
the open, we don't have secrets. And "they" can read debian-private anyway... 
and there are plenty of known and unknown exploits too, to be able to run 
code.


cheers,
	Holger, who will not sign keys based on transition statements...

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: