Second OpenPGP-card
Werner Koch
wk at gnupg.org
Wed Feb 28 10:32:43 CET 2024
On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
> Therefore, pass(1) almost certainly has its own list of keys stored
pass stores the fingerprints of the keys in a .gpg-id file and allows to
set different ones per directories.
> logarithm problem and /vice versa/. Accordingly, RSA1024 is now
> considered sufficiently dubious that some implementations no longer
> support it, such as the go-crypto/openpgp library used by the newer
Which is a Bad Idea because it is up to the user or their implementation
to decide which keys are trustworthy. Being able to revoke rsa1024 keys
is a useful feature. Although MD5 (PGP2) can be considered as fully
broken, rsa1024 is not in general broken.
But ist is pretty fashionable to use an easy to exploit OS (e.g. not
using the latest Linux kernel) and musing about RSA key strength. Keep
Shamir's law in mind.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240228/6b8bf767/attachment.sig>
More information about the Gnupg-users
mailing list