multiple subkeys and key transition
Ben McGinnes
ben at adversary.org
Fri Dec 10 00:49:28 CET 2010
On 10/12/10 9:51 AM, John Clizbe wrote:
>
> If one is still using keys of the old signing default of DSA/1024, a
> 160-bit hash is the only choice available. That's dictated by the
> standard.
That's what I've got.
> But there's no pressing need to generate a new key -- one
> can just switch to using RIPEMD-160 instead of SHA-1. The fire alarm
> for SHA-1 has gone off and it's time to move safely and calmly to
> the exits. It's not worth panicking over, but folks should have a
> transition plan in place.
Which is what I'm trying to formulate.
> Or one can use enable-dsa2 in GnuPG and use any of the SHA2 hashes,
> they'll just be truncated down to 160 bits similarly to the
> SHA-224/SHA-256 arrangement described below.
Just to clarify, does this mean that SHA-256 or 512 (or whatever)
truncated to 160-bits prevent the potential collision attacks that
might be able to be launched against SHA-1?
> One of the very important, but least notied changes in RFC 4880 was
> that the WG made it much easier to amend the RFC without rewriting
> the entire document. This is how Camellia was included into OpenPGP
> and how ECC will most likely be included.
Ah, cool.
> Expect to see some movement once the new NIST hash competition is
> complete.
So around the end of 2012, assuming they stick to the schedule.
> I just created new keys after almost 8 years, my old key was
> 1024D/2048ElG. The new keys are 2048-DSA2/2048-RSA and a 3x2048-RSA
> OpenPGP card.
>
> 3072 just felt like overkill for me.
To quote Howard Tayler's _Schlock Mercenary_, "there's no such thing
as overkill, only 'Open fire!' and 'I need to reload!'" :)
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101210/e5bc56c8/attachment.pgp>
More information about the Gnupg-users
mailing list