Bugtraq mailing list archives
Re: 1024-bit RSA keys in danger of compromise
From: "Hugh Pierce" <hpierce () stutzmanpierce com>
Date: Thu, 28 Mar 2002 14:47:06 -0500
Eroding the web of trust is indeed unfortunate, but these developments may be too unnerving for some sections of crypto users to sit idle with the possibility hanging over their heads of the NSA being able to break <1024 keys. The article below covers both arguments well: http://www.eweek.com/article/0,3658,s=712&a=24663,00.asp Hugh Hugh Pierce, Founder and CTO STUTZMANPIERCE, INC. Intelligence Based Information Security www.stutzmanpierce.com
"Lucky Green" <shamrock () cypherpunks to> writes:In light of the above, I reluctantly revoked all my personal 1024-bit PGP keys and the large web-of-trust that these keys have acquired over time.
From: "Florian Weimer" <Weimer () CERT Uni-Stuttgart DE>
And this is certainly the wrong thing to do. Key revocations are not the proper way to deal with algorithmic weaknesses. Many people will follow your advice and destroy large parts of the web of trust, and we don't even know yet if there's a real threat (Bernstein himself said so a few weeks ago, for example). You don't revoke your keys just because someone can impersonate you, using bugs in a widespread OpenPGP implementation, do you? -- Florian Weimer Weimer () CERT Uni-Stuttgart DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- 1024-bit RSA keys in danger of compromise Lucky Green (Mar 25)
- Re: 1024-bit RSA keys in danger of compromise Len Sassaman (Mar 25)
- Re: 1024-bit RSA keys in danger of compromise Florian Weimer (Mar 28)
- Re: 1024-bit RSA keys in danger of compromise Hugh Pierce (Mar 29)