howto secure older keys after the recent attacks

Philippe Cerfon philcerf at googlemail.com
Thu Sep 10 16:51:05 CEST 2009


Hi Robert.



On Thu, Sep 10, 2009 at 3:59 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> Not really.  If there were good reasons to believe OpenBSD's entropy
> collector was better than Linux's, the Linux crew would fix the code,
> maybe even borrowing OpenBSD's entropy collector.

Ah,.. right... it was the other way round it didn't work (GPL2 to BSD ;) )


>> -Currently the default (and I assume suggested) algorithm is RSA,
>> right? How does DSA2 compare with it?
> Arguing whether RSA or DSA2 is better is kind of like arguing whether
> King Kong or Godzilla is better at stomping cities flat.

One should perhaps count in all the King Kong vs. Godzilla moviews,..
who has won more often? ;-)


>>  I once read, that RSA would
>> provide a hash algorithm armor which the DSA's wouldn't have. Is this
>> still true?
>
> Yes.  No.  Not really.  Kind of.

ooook...  ^^


>> should lead to about the same "strenght"...
>
> Beware of those numbers.  I don't know anyone who takes them seriously.
> They are conjecture and speculation.  Educated conjecture and
> speculation, sure: some of the brightest minds out there worked on the
> conjecture and speculation -- but they're still conjecture and
> speculation.
>
> That said, there's nothing wrong with using those numbers as long as you
> remember that they're conjecture.

Ok,.. I see.

> If memory serves, the key generation code is identical between the 1.4
> and 2.0 branches.
Thanks :)


Philippe.



More information about the Gnupg-users mailing list