On Mon, 25 Jun 2012 16:18, joh...@vulcan.xs4all.nl said:

> That depends on your threat model. If signing messages is not so
> important to you but encrypting is, this advice is understandable. So
> let MD5 be broken, it matters not for encryption. Not that I would

Sure it matters. The self-signatures are bound using MD5 based
signatures and thus the user id and the web of trust signatures are
prone to MD5 attacks.

> Did anyone study the effect this has in using pgp 2 on modern Linux of

I don't care about PGP2 nor do the majority of crypto users. The RNG
from PGP2 is usually used as an early example on the design of a RNG.

> This suggests a threat model where your opponent has almost Stuxnet like
> capabilities. Since the pgp 2 days we get warnings about adapted

You seem to have that threat model: You created a 2k RSA key back in
2000. Even today it is not possible for any public institution to break
a 1024 bit key. Thus why are you still advocating MD5?

> compilers, but I've never seen something like that surfacing. I'm not
> saying it is impossible but I doubt it is practically doable on a large

The business is that it shall not be visible on the surface. Kernel
based key loggers are a standard feature of most trojans.


Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
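Werner's point is that a key is only as strong as the hash its self-signatures and web-of-trust certifications were made with. One way to check this on a defender's side, as an added example that is not part of the thread and not GnuPG's own code, is to walk the RFC 4880 packet framing of an exported key and report the hash algorithm id of every signature packet. The parser below handles old- and new-format packet headers and both v3 and v4 signature layouts; the key material it runs on is a constructed byte string (a user ID packet plus one MD5-based v3 signature and one SHA-256-based v4 signature), not a real key, and only the framing and header fields are meaningful.

```python
"""Report the hash algorithm of each OpenPGP signature packet in a key blob,
flagging MD5-bound signatures. Added example, not GnuPG code; follows the
packet framing of RFC 4880 (sections 4.2, 5.2.2, 5.2.3, 9.4)."""
import struct

# RFC 4880 section 9.4 hash algorithm identifiers.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {1}          # MD5, the algorithm the thread is about
SIGNATURE_TAG = 2          # packet tag for signature packets


def iter_packets(data):
    """Yield (tag, body) for each packet; old and new format headers."""
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("invalid packet header at offset %d" % i)
        i += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                               # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        i += length
        yield tag, body


def signature_hash_algorithm(body):
    """Return (version, hash algorithm id) of a signature packet body."""
    version = body[0]
    if version == 3:
        # v3: version, hashed-length(5), sigtype, time(4), keyid(8),
        #     pubkey alg, hash alg, ...  -> hash alg is at offset 16
        return version, body[16]
    if version == 4:
        # v4: version, sigtype, pubkey alg, hash alg, ...
        return version, body[3]
    raise ValueError("unsupported signature version %d" % version)


def audit_signatures(data):
    """List every signature packet with its hash name and a weak flag."""
    findings = []
    for tag, body in iter_packets(data):
        if tag != SIGNATURE_TAG:
            continue                        # skip key, user ID, etc.
        version, hash_id = signature_hash_algorithm(body)
        findings.append({
            "version": version,
            "hash": HASH_NAMES.get(hash_id, "unknown(%d)" % hash_id),
            "weak": hash_id in WEAK_HASHES,
        })
    return findings


# Constructed sample, not a real key: a user ID packet, a v3 RSA signature
# made with MD5 (old-format header), and a v4 RSA signature made with
# SHA-256 (new-format header). MPIs and key id are dummy filler.
SAMPLE = bytes.fromhex(
    "b4 05" "616c696365"                                       # UID "alice"
    "88 16" "03 05 13 00000000 0011223344556677 01 01 abcd 0008ff"  # v3, MD5
    "c2 13" "04 13 01 08 0006 05 02 00000000 0000 abcd 0008ff"      # v4, SHA256
)

if __name__ == "__main__":
    for f in audit_signatures(SAMPLE):
        print("v%d signature, hash %s%s" % (
            f["version"], f["hash"], "  <-- weak" if f["weak"] else ""))
```

On a real key, feed it the binary output of `gpg --export` (not ASCII armor). Any signature reported as MD5 is one whose binding of user ID to key, or whose certification of another key, rests on a broken hash, which is exactly the exposure the reply describes.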