[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

On Tue, Feb 25, 2014 at 02:34:01AM +0000, Marco d'Itri wrote:
> enrico@enricozini.org wrote:
> >It also took me a long while to switch because I didn't understand that
> >it was already this urgent,
> Because unless you are paranoid, then it is not.
> If anybody disagrees then please describe a credible threat model in
> which:
> - an entity would want to have access to the key of a DD, and
> - would find brute forcing a 1024 bit key more practical than 
>   stealing it or coercing a developer to disclose it.

There's also the hash algorithm issue, which could lead to signature
collision attacks (wether in data signing or in key signing).

Yves-Alexis Perez

Attachment: signature.asc
Description: Digital signature

Reply to: