On Sat, Feb 22, 2014 at 10:41:48PM +0000, Clint Adams wrote:
>
> Redone with debian-keyring 2014.01.31, hopenpgp-tools 0.6-1,
> jq 1.3-1.1, and attached script:
>
> (/usr/share/keyrings/debian-keyring.gpg)
[...]
> Primary key pubkey sizes:
>     612 1024

For those people who are not aware of this yet, this is really a problem. This provides less security than an 80 bit symmetric cipher. A brute force for this is possible. It's considered to have "very short time" protection against agencies, short time against medium organisations.

That's still 61.5% that's at 1024 bit. CAs are doing better than this, with only 0.8% of the certificates that are still active being 1024 bit.

Can I suggest that everyone that is still using a 1024 bit pgp key generates a new key *now*? The recommended minimum size is at least 2048 bit, but I suggest you go for 4096 bit.

Kurt
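
The following is an added example, not part of the original message and not the script attached to the quoted mail: a keyring audit that tallies primary key sizes and lists the keys below the 2048-bit minimum mentioned above. It assumes input in the format printed by `gpg --with-colons --list-keys`; the sample keys are constructed, and skipping revoked, expired and ECC keys is this example's own choice.

```python
from collections import Counter

# OpenPGP public-key algorithm IDs whose strength scales with modulus size
# (RFC 4880: 1-3 RSA variants, 16 Elgamal, 17 DSA). ECC keys (18, 19, 22)
# report curve sizes such as 256 and must not be compared to this threshold.
MODULUS_ALGOS = {1, 2, 3, 16, 17}
MIN_BITS = 2048  # minimum size recommended in the message above

# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
SAMPLE = """\
tru::1:1393110000:0:3:1:5
pub:-:1024:17:AAAAAAAAAAAAAAA1:1041379200:::-:::scESC:
uid:-::::1041379200::0000::Example One <one@example.org>:
sub:-:2048:16:AAAAAAAAAAAAAAA2:1041379200::::::e:
pub:-:4096:1:BBBBBBBBBBBBBBB1:1293840000:::-:::scESC:
uid:-::::1293840000::0000::Example Two <two@example.org>:
pub:r:1024:1:CCCCCCCCCCCCCCC1:1009843200:::-:::sc:
pub:-:256:22:DDDDDDDDDDDDDDD1:1388534400:::-:::scESC:
pub:-:1024:1:EEEEEEEEEEEEEEE1:1136073600:::-:::scESC:
"""

def audit_primary_keys(colon_output, min_bits=MIN_BITS):
    """Return (size histogram, key IDs of usable primary keys below min_bits)."""
    sizes, weak = Counter(), []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] != "pub" or len(f) < 5:
            continue  # primary keys only; subkeys (sub) and uids are ignored
        validity, bits, algo, keyid = f[1], int(f[2]), int(f[3]), f[4]
        if validity in ("r", "e", "i"):
            continue  # revoked, expired or invalid keys are no longer in use
        if algo not in MODULUS_ALGOS:
            continue  # ECC: bit length is not comparable to RSA/DSA sizes
        sizes[bits] += 1
        if bits < min_bits:
            weak.append(keyid)
    return sizes, weak

if __name__ == "__main__":
    sizes, weak = audit_primary_keys(SAMPLE)
    total = sum(sizes.values())
    for bits in sorted(sizes):
        print(f"{sizes[bits]:5d} {bits:5d}  ({100 * sizes[bits] / total:.1f}%)")
    print("below minimum:", ", ".join(weak))
```
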