enr...@enricozini.org wrote: >It also took me a long while to switch because I didn't understand that >it was already this urgent, Because unless you are paranoid, then it is not. If anybody disagrees then please describe a credible threat model in which: - an entity would want to have access to the key of a DD, and - would find brute forcing a 1024 bit key more practical than stealing it or coercing a developer to disclose it.
For bonus points compare this scenario with the development of Stuxnet. >I think it would be useful to see an update to debian-devel-announce, >explaining what's the current vulnerability status of 1024bit keys, and It would be useful if it were backed by a real analisys instead of "OMG the NSA could factor our keys!!!11!". -- ciao, Marco -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/legven$fop$1...@posted-at.bofh.it
