signing key lifetime

Todd A. Jacobs nospam@codegnome.org
Wed Sep 26 11:51:01 2001


On Wed, 26 Sep 2001, Edward Khoo wrote:


> message). Encryption key is pretty much open to attacks from a third
> party (attacker) that wants to know the correct representation of 0s
> and 1s. With Moore's law on the attacker's side, attacker is able to

There's a big difference between a brute-force attack on a given session key, and factoring the private key from the public key. Without factoring the key, cracking one message should not make it any easier to crack future messages.

Your answer also seems to perpetuate the idea that forged authentication is somehow less dangerous than a cracked message. If you are using a DSA signature to guarantee that a message/key/file has been properly authenticated, then a successfully forged signature is perhaps even more dangerous, because it breaks the web of trust.

The GnuPG documentation implies that the signing key is less vulnerable to attack. But if the encryption key is vulnerable to brute-force attack, what makes the signing key any less vulnerable?

-- 
Work: It's not just a job, it's an indenture.