On Wed, Mar 05, 2014 at 08:29:37AM +0100, Ondrej Surý wrote: > On Tue, Mar 4, 2014, at 21:33, Gunnar Wolf wrote: > > Ondrej Surý dijo [Tue, Mar 04, 2014 at 08:10:47PM +0100]: > > > On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote: > > > > As keyring maintainers, we no longer consider 1024D keys to be > > > > trustable. We are not yet mass-removing them, because we don't want to > > > > hamper the project's work, but we definitively will start being more > > > > aggressively deprecating their use. 1024D keys should be seen as > > > > brute-force vulnerable nowadays. Please do migrate away from them into > > > > stronger keys (4096R recommended) as soon as possible. > > > > > > I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would > > > it be possible to skip the RSA and go directly for ECDSA, before we > > > start deprecating DSA? Or at least have an option to do so? (Well, > > > unless GnuPG 2.1 release is too much far in the future.) > > > > Umh, I feel I have to answer this message, but I clearly don't have > > enough information to do so in an authoritative way¹. AIUI, ECDSA has > > not been shown to be *stronger* than RSA -- RSA works based on modulus > > operations, ECDSA on curve crypto. ECDSA keys can be smaller and > > achieve (again, AIUI) the same level of security. But nothing so far > > shows that RSA will be broken before or after ECDSA. > > > > Barring somebody pointing me to the right place to read, my take would > > be that we should accept both RSA and ECDSA keys > > Yes. I didn't suggest that we drop RSA. > > > (of what minimum size/strength?). > > These might provide a guidance (even for RSA key lengths). > > http://www.keylength.com/en/compare/#Biblio4 > http://csrc.nist.gov/groups/ST/toolkit/key_management.html > > and > > http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf > > NIST seems to recommend at least 2048 bits for RSA and Curve P-256 for > ECDSA
You might want to take a look at http://safecurves.cr.yp.to/ before using the P-curves. Kurt -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140305180926.ga3...@roeckx.be