wk at gnupg.org
Mon Jun 25 16:50:17 CEST 2012
On Mon, 25 Jun 2012 16:18, johanw at vulcan.xs4all.nl said:
> That depends on your threat model. If signing messages is not so
> important to you but encrypting is, this advice is understandable. So
> let MD5 be broken, it matters not for encryption. Not that I would
Sure it matters. The self-signatures are bound using MD5-based
signatures, and thus the user ID and the web-of-trust signatures are
prone to MD5 attacks.
> Did anyone study the effect this has in using pgp 2 on modern Linux of
I don't care about PGP2, nor do the majority of crypto users. The RNG
from PGP2 is usually used as an early example of the design of an RNG.
> This suggests a threat model where your opponent has almost Stuxnet-like
> capabilities. Since the pgp 2 days we get warnings about adapted
You seem to have that threat model: you created a 2k RSA key back in
2000. Even today it is not possible for any public institution to break
a 1024-bit key. Thus why are you still advocating MD5?
> compilers, but I've never seen something like that surfacing. I'm not
> saying it is impossible but I doubt it is practically doable on a large
The business is that it shall not be visible on the surface. Kernel-based
key loggers are a standard feature of most trojans.
Thoughts are free. Exceptions are regulated by a federal law.
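The point about MD5-bound self-signatures can be checked on a key by walking its packets and reading the hash-algorithm octet of every signature packet. The Python below is an added illustration, not code from the message above or from GnuPG: it implements RFC 4880 packet framing (old- and new-format headers) and the v3/v4 signature packet layouts far enough to recover that octet, then flags self-signatures (certification, subkey-binding and direct-key types) made with MD5, hash algorithm id 1. The key block it scans is constructed by hand with dummy key material and a hypothetical user ID; it is not a real key.

```python
# Minimal OpenPGP packet walk that reports the hash algorithm of every
# signature packet in a key block and flags MD5 self-signatures.
# Added example, not code from the mailing-list message or from GnuPG.
# Parsing follows RFC 4880 packet framing; the sample key block at the
# bottom is constructed by hand with dummy key material.

HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# Certification (0x10-0x13), subkey-binding (0x18) and direct-key (0x1f)
# signatures are the ones a key owner issues over their own key and user IDs.
SELF_SIG_TYPES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x1F}
TAG_SIGNATURE = 2


def iter_packets(data):
    """Yield (tag, body) for each packet in data (RFC 4880 section 4.2)."""
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        i += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                               # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = 1 << ltype
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        i += length
        yield tag, body


def signature_fields(body):
    """Return (version, sig_type, hash_algo) from a signature packet body."""
    version = body[0]
    if version == 3:
        # v3 layout: version, hashed length (5), sig type, time[4],
        # key id[8], public-key algo, hash algo, left16, MPIs
        return 3, body[2], body[16]
    if version == 4:
        # v4 layout: version, sig type, public-key algo, hash algo, subpackets...
        return 4, body[1], body[3]
    raise ValueError("unsupported signature version %d" % version)


def scan_signatures(keyblock):
    """List (version, sig_type, hash_name) for each signature packet."""
    out = []
    for tag, body in iter_packets(keyblock):
        if tag == TAG_SIGNATURE:
            version, sig_type, hash_algo = signature_fields(body)
            out.append((version, sig_type,
                        HASH_NAMES.get(hash_algo, "algo %d" % hash_algo)))
    return out


def md5_self_signatures(keyblock):
    """Return the self-signatures in keyblock that were made with MD5."""
    return [s for s in scan_signatures(keyblock)
            if s[1] in SELF_SIG_TYPES and s[2] == "MD5"]


# --- constructed sample data (dummy key material, hypothetical user ID) ----

def _old_header(tag, body):
    """Old-format header with a one-octet length (body shorter than 256)."""
    return bytes([0x80 | (tag << 2)]) + bytes([len(body)]) + body


def _new_header(tag, body):
    """New-format header with a one-octet length (body shorter than 192)."""
    return bytes([0xC0 | tag]) + bytes([len(body)]) + body


def _v4_sig(sig_type, hash_algo):
    # version, type, pk algo (RSA=1), hash algo, no subpackets, left16, 8-bit MPI
    return (bytes([4, sig_type, 1, hash_algo]) + b"\x00\x00" + b"\x00\x00"
            + b"\xAB\xCD" + b"\x00\x08\x01")


def _v3_sig(sig_type, hash_algo):
    return (bytes([3, 5, sig_type]) + b"\x00" * 4 + b"\x00" * 8
            + bytes([1, hash_algo]) + b"\xAB\xCD" + b"\x00\x08\x01")


SAMPLE_KEYBLOCK = (
    _old_header(6, b"\x04" + b"\x00" * 4 + b"\x01" + b"\x00\x08\x03")  # dummy public key
    + _old_header(13, b"Alice Example <alice@example.org>")            # user ID
    + _old_header(2, _v3_sig(0x10, 1))      # PGP 2-era v3 self-sig, MD5
    + _new_header(2, _v4_sig(0x13, 1))      # v4 self-sig, still MD5
    + _new_header(2, _v4_sig(0x13, 8))      # v4 self-sig, SHA-256
)

if __name__ == "__main__":
    for version, sig_type, hash_name in scan_signatures(SAMPLE_KEYBLOCK):
        print("v%d sig type 0x%02x hash %s" % (version, sig_type, hash_name))
    print("MD5 self-signatures:", len(md5_self_signatures(SAMPLE_KEYBLOCK)))
```

On a real key the same octet is what `gpg --export KEYID | gpg --list-packets` prints as `digest algo` for each signature packet; the script above only reads the field and verifies nothing, so it tells you which binding signatures rest on MD5, not whether they are otherwise valid.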