-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1
I'll get back to this bit in a moment. ;) > I suppose this means that 1024 bit RSA-keys are ridiculous and the > Open PGP Card is a joke. Not necessarily. There's certainly a strong argument to be made for moving to RSA-2048, but just because something is susceptible to an attack involving an enormous amount of horsepower doesn't mean that it's useless. As an example, you apparently have no objection to signing with SHA1, despite the fact it's subject to an attack requiring a work factor of about 2**63... which is in the same ballpark as factoring RSA-1024. If it takes over a CPU-century of number crunching and extraordinarily special mathematical properties to be able to break RSA-1024, then I think the RSA-1024 keys I use for secure SMTP are just fine. Likewise, credit card transactions secured by RSA-1024 SSL certs are probably just fine for now; there are far, _far_ easier ways to get credit card numbers than to rent a year of supercomputing time just to get the key to _one_ web site. We should be migrating to RSA-2048, sure. Just like we should be migrating to SHA256. But it's not the case that RSA-1024 is 'ridiculous' or the OpenPGP card is 'a joke'. - -- Robert J. Hansen <[EMAIL PROTECTED]> "Most people are never thought about after they're gone. 'I wonder where Rob got the plutonium?' is better than most get." -- Phil Munson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iFYEAREIAAYFAkZ0Ii0ACgkQf2XByo0Cu7PikgDffNZ71tKX/GnkIyVX77tE2r3K sXCIx8vqn4oblwDghCzUjJvxGNS7btDhE+qlLTuXbUouMgoQqfafvYkBHAQBAQgA BgUCRnQiLQAKCRC3APSC/q+BCS0dB/44AJ68utpLuk3jRmt0gBQbcRNSERLX3G79 FCBH7ReBhYCc6luJR0OGsdOb0DfVVStfot7DkvTsXIc+YHeE3U9JAmaSqrVD9Qwm y40uTu9PXM/87k17nUtTN6S5OLo0IX0IA2pXqde+cY1gA7lz3fBFN5XUUrCnC1W9 ZUoekK7bV9JheL7//QHkmflkgOnLaA/+0Iq1V5+9rjM0ySSNvQvijFUjcivL3UAN CsD/a09GOtiFxwFzrx7+56imd3H+j5tRfhmIhCc5l+ZQnZGSEhnVl249W7EYRXbj +faV9LY3wBkMvH14bKdkgoLfCqHNX2XmGkjWigztcro1cSfGn34N =YHhO -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
