2048 or 4096 for new keys? aka defaults vs. Debian

Robert J. Hansen rjh at sixdemonbag.org
Sun Oct 27 18:27:26 CET 2013

On 10/27/2013 10:41 AM, MFPA wrote:
> Couldn't a cryptographically broken algorithm also raise the problem 
> of forged digital signatures?

Yes and no.  The mistake people make when discussing digital signatures
is to treat them as a purely mathematical exercise rather than as
something that exists within a legal framework.

Let's say that tomorrow I lose my passphrase and make a new keypair.
Then in 25 years someone approaches me with a signed OpenPGP message
dated Christmas 2013, saying "I agree to pay you one million dollars at
Christmas 2038."  I scream it's a forgery, they scream it's valid, we go
to trial.

Who do you think the judge will believe -- that this message, which
nobody can produce any evidence existed prior to 2038, is real?  Or that
it's some clever shenanigans made possible by newly-developed technology
which made my old keypair vulnerable?

Just because a digital signature can be forged *mathematically* is no
guarantee the signature can be forged *in actuality*.

More information about the Gnupg-users mailing list