Re: 1024-bit RSA keys in danger of compromise

From: Florian Weimer (Weimerat_private-Stuttgart.DE)
Date: Thu Mar 28 2002 - 01:18:50 PST


    "Lucky Green" <shamrockat_private> writes:
    
    > In light of the above, I reluctantly revoked all my personal 1024-bit
    > PGP keys and the large web-of-trust that these keys have acquired over
    > time.
    
    And this is certainly the wrong thing to do.  Key revocations are not
    the proper way to deal with algorithmic weaknesses.  Many people will
    follow your advice and destroy large parts of the web of trust, and we
    don't even know yet if there's a real threat (Bernstein himself said
    so a few weeks ago, for example).
    
    You don't revoke your keys just because someone can impersonate you,
    using bugs in a widespread OpenPGP implementation, do you?
    
    -- 
    Florian Weimer 	                  Weimerat_private-Stuttgart.DE
    University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
    RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
    


