Werner Koch wrote:
> On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
> [...]
>> logarithm problem and /vice versa/.  Accordingly, RSA1024 is now
>> considered sufficiently dubious that some implementations no longer
>> support it, such as the go-crypto/openpgp library used by the newer
>
> Which is a Bad Idea because it is up to the user or their implementation
> to decide which keys are trustworthy.  Being able to revoke rsa1024 keys
> is a useful feature.  Although MD5 (PGP2) can be considered as fully
> broken, rsa1024 is not in general broken.

Agreed; I was not endorsing that position, but I see that I should have said "apparently considered" to make that a bit more clear. I trust that GPG will continue to support the shorter RSA keys for the foreseeable future.

> But it is pretty fashionable to use an easy to exploit OS (e.g. not
> using the latest Linux kernel) and musing about RSA key strength.  Keep
> Shamir's law in mind.

Or even Windows, which remains disturbingly common in applications that probably need far less attack surface, like industrial control systems... (Is the stupidity of management a main driver of Shamir's law?)


-- Jacob


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
