Re: State of the debian keyring

To: Clint Adams <clint@debian.org>, debian-project@lists.debian.org
Subject: Re: State of the debian keyring
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 23 Feb 2014 00:46:41 +0100
Message-id: <20140222234641.GA31478@roeckx.be>
In-reply-to: <20140222224148.GA2130@scru.org>
References: <20140123220729.GA25523@scru.org> <20140222224148.GA2130@scru.org>

On Sat, Feb 22, 2014 at 10:41:48PM +0000, Clint Adams wrote:
> 
> Redone with debian-keyring 2014.01.31, hopenpgp-tools 0.6-1,
> jq 1.3-1.1, and attached script:
> 
> (/usr/share/keyrings/debian-keyring.gpg)
[...]
> Primary key pubkey sizes: 
>     612 1024

For those people who are not aware of this yet, this is really a
problem.  This provides less security than an 80 bit symmetric
cipher.  A brute force for this is possible.  It's considered to
have "very short time" protection against agencies, short time
against medium organisations.

That's still 61.5% that's at 1024 bit. CAs are doing better than
this, with only 0.8% of the certificates that are still active
being 1024 bit.

Can I suggest that everyone that is still using a 1024 bit pgp key
generates a new key *now*?

The recommended minimum size is at least 2048 bit, but I suggest
you go for 4096 bit.

Kurt

Reply to:

Follow-Ups:
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>

References:
- Re: State of the debian keyring
  - From: Clint Adams <clint@debian.org>

Prev by Date: Re: State of the debian keyring
Next by Date: Re: State of the debian keyring
Previous by thread: Re: State of the debian keyring
Next by thread: Re: State of the debian keyring
Index(es):
- Date
- Thread