Re: State of the debian keyring
On Sat, Feb 22, 2014 at 10:41:48PM +0000, Clint Adams wrote:
>
> Redone with debian-keyring 2014.01.31, hopenpgp-tools 0.6-1,
> jq 1.3-1.1, and attached script:
>
> (/usr/share/keyrings/debian-keyring.gpg)
[...]
> Primary key pubkey sizes:
> 612 1024

For those people who are not aware of this yet, this is really a
problem. This provides less security than an 80 bit symmetric
cipher. A brute force for this is possible. It's considered to
have "very short time" protection against agencies, short time
against medium organisations.

That's still 61.5% that's at 1024 bit. CAs are doing better than
this, with only 0.8% of the certificates that are still active
being 1024 bit.

Can I suggest that everyone that is still using a 1024 bit pgp key
generates a new key *now*?

The recommended minimum size is at least 2048 bit, but I suggest
you go for 4096 bit.

Kurt
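
One way to run the primary-key size check discussed in this thread over a keyring, as an added example that is not part of the original message and is not the script Clint attached. It parses a `gpg --with-colons` key listing; the sample listing is constructed, `audit_primary_keys` is a hypothetical name, and skipping revoked and expired keys is an assumption of this example.

```python
from collections import Counter

# OpenPGP algorithm IDs whose strength depends on modulus size (RFC 4880):
# 1-3 RSA, 16/20 Elgamal, 17 DSA. ECC keys (18, 19, 22 in GnuPG) report
# curve sizes such as 256 and must not be held to the 2048-bit floor.
MODULUS_ALGOS = {1, 2, 3, 16, 17, 20}
MIN_BITS = 2048  # minimum size recommended in the message above

# Constructed sample in the format of `gpg --with-colons --list-keys`;
# key IDs, dates and user IDs are made up.
SAMPLE = """\
tru::1:1393110000:0:3:1:5
pub:-:1024:17:AAAAAAAAAAAAAAA1:1020000000:::-:::scESC:
uid:-::::1020000000::0000::Constructed User One <one@example.org>:
sub:-:2048:16:AAAAAAAAAAAAAAA2:1020000000::::::e:
pub:-:4096:1:BBBBBBBBBBBBBBB1:1330000000:::-:::scESC:
sub:-:4096:1:BBBBBBBBBBBBBBB2:1330000000::::::e:
pub:-:1024:1:CCCCCCCCCCCCCCC1:1100000000:::-:::scESC:
pub:-:256:22:DDDDDDDDDDDDDDD1:1390000000:::-:::scSC:
pub:r:1024:17:EEEEEEEEEEEEEEE1:1000000000:::-:::sc:
"""

def audit_primary_keys(listing, min_bits=MIN_BITS):
    """Return (Counter of primary-key sizes, key IDs below min_bits)."""
    sizes, weak = Counter(), []
    for line in listing.splitlines():
        f = line.split(":")
        # Only primary keys; skip revoked (r) and expired (e) ones (assumption).
        if len(f) < 5 or f[0] != "pub" or f[1] in ("r", "e"):
            continue
        try:
            bits, algo = int(f[2]), int(f[3])
        except ValueError:
            continue  # malformed record
        sizes[bits] += 1
        if algo in MODULUS_ALGOS and bits < min_bits:
            weak.append(f[4])
    return sizes, weak

if __name__ == "__main__":
    sizes, weak = audit_primary_keys(SAMPLE)
    total = sum(sizes.values())
    for bits, n in sorted(sizes.items()):
        print(f"{n:5d} {bits}")
    print(f"{len(weak)}/{total} ({100 * len(weak) / total:.1f}%) below {MIN_BITS} bits:")
    for keyid in weak:
        print("  ", keyid)
```

To audit a real keyring, pass the output of `gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --with-colons --list-keys` to `audit_primary_keys` in place of the sample.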