On Wed, 05 Mar 2014, peter green wrote: > Also ECDSA shares with DSA the serious disadvantage over RSA that > making signatures on a system with a broken RNG can reveal the key.
I believe that we should avoid ECDSA gnupg keys and subkeys like the plague for the time being. You'd most likely get ECDSA keys using the NIST p-curves out of gnupg, and these p-curves are suspected to be backdoored. AFAIK, better curves are available only on the latest development versions of gnupg 2.1, and the difficulties do not end there: the keyservers are also going to be a problem for such keys and subkeys for a while yet. IMHO, we should stick with 4096-bit RSA for the main key for the time being, and use short expire dates for the *subkeys* (2 years or less). Refer to http://safecurves.cr.yp.to/ for more details on elliptic curves for crypto. PS: NIST p-curves are also a potential problem on OpenSSH and DNSSEC. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140323025114.ga14...@khazad-dum.debian.net
