Hi,

With the current trend in Debian to move out of DSA into RSA [1], and considering the theoretical (and probably correct) attack just presented [2], what are we planning to do?

I am curious about the potential impacts -- compatibility, cost (both CPU-wise and conversion-wise), and proposed Ubuntu standard. Notice that this might as well involve a change to the gpg defaults, key generation utilities (seahorse, and equivalents), etc. In other words, it can have a high impact both for our internal usage (maintainer keys) and for the end-users.

I am not advocating either way: 2^52 is still a large value (and, as such, still costly to attack); but it is safe to state that the time to move out of SHA1 is coming sooner rather than later, and we might get it done right if we start thinking about it now.

Thanks,

[1] http://www.debian-administration.org/users/dkg/weblog/48
[2] http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss