howto secure older keys after the recent attacks

Robert J. Hansen rjh at sixdemonbag.org
Thu Sep 10 15:59:47 CEST 2009


> - When creating a new key,.. it uses the entropy, right? So is there
> some way to improve this entropy? Perhaps not using Linux but instead
> OpenBSD which might have a better PRNG (don't know if this is actually
> the case ;) ) or use a specific Linux kernel version where a newer and
> better PRNG was added?

Not really.  If there were good reasons to believe OpenBSD's entropy
collector was better than Linux's, the Linux crew would fix the code,
maybe even borrowing OpenBSD's entropy collector.

> -Currently the default (and I assume suggested) algorithm is RSA,
> right? How does DSA2 compare with it?

Arguing whether RSA or DSA2 is better is kind of like arguing whether
King Kong or Godzilla is better at stomping cities flat.

>  I once read, that RSA would
> provide a hash algorithm armor which the DSA's wouldn't have. Is this
> still true?

Yes.  No.  Not really.  Kind of.

RSA gives you a lot of freedom, yes.  You could put SHA512 on an RSA-3
(as in "three bits of key") signature and it won't bat an eyelash.  It's
_stupid_, but it won't bat an eyelash.

So, sure.  RSA gives you more freedom with hashes than DSA2, but that's
not necessarily a good thing.

> should lead to about the same "strength"...

Beware of those numbers.  I don't know anyone who takes them seriously.
They are conjecture and speculation.  Educated conjecture and
speculation, sure: some of the brightest minds out there worked on the
conjecture and speculation -- but they're still conjecture and
speculation.

That said, there's nothing wrong with using those numbers as long as you
remember that they're conjecture.

> So we have 512/256 bits for the latter two,.. but per default much less
> for the asymmetric... Does this mean, that the other two are overkill
> for what we use in gpg?

Probably.  But it isn't as if it matters much.

> - When creating new keys (I'd like to "convince" some more friends to
> take part :) )... should they create their keys with gpg1 or gpg2? Or
> is the key generation equally secure?

If memory serves, the key generation code is identical between the 1.4
and 2.0 branches.




