On Wed, 05 Mar 2014, peter green wrote:
> Also ECDSA shares with DSA the serious disadvantage over RSA that
> making signatures on a system with a broken RNG can reveal the key.
I believe that we should avoid ECDSA gnupg keys and subkeys like the plague
for the time being.
You'd most likely get E
Helmut Grohne writes ("Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing
keyring updates. Let us bury your old 1024D key!)"):
> ECDSA is a DSA algorithm and therefore relies on the creation of secure
> random numbers. It has this problem, that if you happen to choose the
&
On Tue, Mar 04, 2014 at 02:33:23PM -0600, Gunnar Wolf wrote:
> Umh, I feel I have to answer this message, but I clearly don't have
> enough information to do so in an authoritative way¹. AIUI, ECDSA has
> not been shown to be *stronger* than RSA ??? RSA works based on modulus
> operations, ECDSA on
On Wed, Mar 05, 2014 at 08:29:37AM +0100, Ondrej Surý wrote:
> On Tue, Mar 4, 2014, at 21:33, Gunnar Wolf wrote:
> > Ondrej Surý dijo [Tue, Mar 04, 2014 at 08:10:47PM +0100]:
> > > On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> > > > As keyring maintainers, we no longer consider 1024D keys to
On Tue, Mar 4, 2014, at 21:33, Gunnar Wolf wrote:
> Ondřej Surý dijo [Tue, Mar 04, 2014 at 08:10:47PM +0100]:
> > On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> > > As keyring maintainers, we no longer consider 1024D keys to be
> > > trustable. We are not yet mass-removing them, because we don
On Wed, Mar 5, 2014, at 7:58, Bastian Blank wrote:
> On Wed, Mar 05, 2014 at 06:54:53AM +, Ondřej Surý wrote:
> > > Also ECDSA shares with DSA the serious disadvantage over RSA that making
> > > signatures on a system with a broken RNG can reveal the key.
> > Care to share a source? I thought
On Wed, Mar 05, 2014 at 06:54:53AM +, Ondřej Surý wrote:
> > Also ECDSA shares with DSA the serious disadvantage over RSA that making
> > signatures on a system with a broken RNG can reveal the key.
> Care to share a source? I thought that RSA would be vulnerable to poor RNG as
> well.
The a
On 5. 3. 2014, at 5:54, peter green wrote:
>>
>> I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
>> it be possible to skip the RSA and go directly for ECDSA, before we
>> start deprecating DSA? Or at least have an option to do so? (Well,
>> unless GnuPG 2.1 release is to
On Tue, Mar 04, 2014 at 08:10:47PM +0100, Ondrej Surý wrote:
> On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> > As keyring maintainers, we no longer consider 1024D keys to be
> > trustable. We are not yet mass-removing them, because we don't want to
> > hamper the project's work, but we defini
Moin!
Gunnar Wolf writes:
> Ondřej Surý dijo [Tue, Mar 04, 2014 at 08:10:47PM +0100]:
>> On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
>> > As keyring maintainers, we no longer consider 1024D keys to be
>> > trustable. We are not yet mass-removing them, because we don't want to
>> > hamper th
Ondřej Surý dijo [Tue, Mar 04, 2014 at 08:10:47PM +0100]:
> On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> > As keyring maintainers, we no longer consider 1024D keys to be
> > trustable. We are not yet mass-removing them, because we don't want to
> > hamper the project's work, but we definitiv
11 matches
Mail list logo
