[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

On Feb 27, Yves-Alexis Perez <corsac@debian.org> wrote:

> > Because unless you are paranoid, then it is not.
> > If anybody disagrees then please describe a credible threat model in
> > which:
> > - an entity would want to have access to the key of a DD, and
> > - would find brute forcing a 1024 bit key more practical than 
> >   stealing it or coercing a developer to disclose it.
> There's also the hash algorithm issue, which could lead to signature
> collision attacks (wether in data signing or in key signing).
Please describe a credible threat model, etc.
"Theoretically possible" also means that somebody could factor a RSA 
4096 key at the first try with pen and paper so it does not matter much.


Attachment: signature.asc
Description: Digital signature

Reply to: