[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

On Sat, Feb 22, 2014 at 10:41:48PM +0000, Clint Adams wrote:
> Redone with debian-keyring 2014.01.31, hopenpgp-tools 0.6-1,
> jq 1.3-1.1, and attached script:
> (/usr/share/keyrings/debian-keyring.gpg)
> Primary key pubkey sizes: 
>     612 1024

For those people who are not aware of this yet, this is really a
problem.  This provides less security than an 80 bit symmetric
cipher.  A brute force for this is possible.  It's considered to
have "very short time" protection against agencies, short time
against medium organisations.

That's still 61.5% that's at 1024 bit. CAs are doing better than
this, with only 0.8% of the certificates that are still active
being 1024 bit.

Can I suggest that everyone that is still using a 1024 bit pgp key
generates a new key *now*?

The recommended minimum size is at least 2048 bit, but I suggest
you go for 4096 bit.


Reply to: