signing key lifetime
Todd A. Jacobs
nospam@codegnome.org
Wed Sep 26 11:51:01 2001
On Wed, 26 Sep 2001, Edward Khoo wrote:
> message). Encryption key is pretty much open to attacks from a third
> party (attacker) that wants to know the correct representation of 0s
> and 1s. With Moore's law on the attacker's side, attacker is able to

There's a big difference between a brute-force attack on a given session
key, and factoring the private key from the public key. Without factoring
the key, cracking one message should not make it any easier to crack
future messages.

Your answer also seems to perpetuate the idea that forged authentication
is somehow less dangerous than a cracked message. If you are using a DSA
signature to guarantee that a message/key/file has been properly
authenticated, then a successfully forged signature is perhaps even more
dangerous, because it breaks the web of trust.

The GnuPG documentation implies that the signing key is less vulnerable to
attack. But if the encryption key is vulnerable to brute-force attack,
what makes the signing key any less vulnerable?
--
Work: It's not just a job, it's an indenture.