HOW to upgrade: 2.0.22 --> 2.3.3 ???

Bruce Walzer bwalzer at 59.ca
Fri Oct 4 18:17:34 CEST 2024


On Fri, Oct 04, 2024 at 10:35:02AM -0400, Robert J. Hansen via Gnupg-users wrote:
> > A nation state with the ability to crack 1024 bit RSA would not spend
> > years and billions of dollars on the messages/files of a single
> > entity.
> 
> They absolutely would, in a heartbeat, and they'd consider it a bargain.
> 
> Imagine some major world power has a copy of an old message from Vladimir
> Putin, signed in '99 using 1024-bit RSA.  Is it worth a billion dollars to
> break the key, allowing them to forge authentic-looking messages that could
> be useful in disinformation campaigns?

I am not suggesting that world leaders should continue to use 1024 bit
RSA to store their nuclear installation locations or sign their
offical pronouncements. I am merely pointing out that for 99.9999% of
GPG users dropping the old key format provided no benefit with respect
to key length. They could continue to use such keys indefinitely to
generate new messages with no real risk. Of course the bigger
usability issue here is that old messages encrypted using the old key
format still exist. Dropping support for decrypting such messages
entirely means that users lose access to those messages and gain no
potential benefit, even if they are a world leader.

Bruce



More information about the Gnupg-users mailing list