Hello,
until about 2009 GnuPG [1] had dsa1024/elg2048 as default key algorithms.
There are still keys around with those algorithmus.
Recommendations from the US and Europe [2] only list DSA between 1900
and 3000 bits as allowed for legacy use. So it is clear that DSA1024
should not be used anymore.
How urgent is it to convince people to create new keypairs?
To me this means rephrased:
How strong or weak is this combination of keys for todays usage?
Wikipedia points out a strong sensitivity of the algorithm to the quality of
random number generators and that implementations could deliberately leak
information in the signature [3]. This alone probably is a reason to switch
keys.
Apart from the problems an attacker could be solving the discrete log problem.
A presentation from 2013 [4] assumes that advances are made towards solving
this in a practical time frame. Does somebody has good pointers on the state
of the art for this?
Because dsa1024/elg2048 used to be a default of GnuPG, I think it would be
helpful to point our users towards a well understood reasoning when and why
they should move to a better key-pair.
What do you think?
Best Regards,
Bernhard
[1] https://lists.gnupg.org/pipermail/gnupg-devel/2009-May/025079.html
[2]
https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.1.pdf
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66
[3]
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Sensitivity
[4]
https://isecpartners.com/media/105564/ritter_samuel_stamos_bh_2013_cryptopocalypse.pdf
--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
until about 2009 GnuPG [1] had dsa1024/elg2048 as default key algorithms.
There are still keys around with those algorithmus.
Recommendations from the US and Europe [2] only list DSA between 1900
and 3000 bits as allowed for legacy use. So it is clear that DSA1024
should not be used anymore.
How urgent is it to convince people to create new keypairs?
To me this means rephrased:
How strong or weak is this combination of keys for todays usage?
Wikipedia points out a strong sensitivity of the algorithm to the quality of
random number generators and that implementations could deliberately leak
information in the signature [3]. This alone probably is a reason to switch
keys.
Apart from the problems an attacker could be solving the discrete log problem.
A presentation from 2013 [4] assumes that advances are made towards solving
this in a practical time frame. Does somebody has good pointers on the state
of the art for this?
Because dsa1024/elg2048 used to be a default of GnuPG, I think it would be
helpful to point our users towards a well understood reasoning when and why
they should move to a better key-pair.
What do you think?
Best Regards,
Bernhard
[1] https://lists.gnupg.org/pipermail/gnupg-devel/2009-May/025079.html
[2]
https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.1.pdf
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66
[3]
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Sensitivity
[4]
https://isecpartners.com/media/105564/ritter_samuel_stamos_bh_2013_cryptopocalypse.pdf
--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Attached Files:
-
signature.asc (0.48 KB)