Bugtraq mailing list archives

Re: 1024-bit RSA keys in danger of compromise

From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Thu, 28 Mar 2002 10:18:50 +0100

"Lucky Green" <shamrock () cypherpunks to> writes:

In light of the above, I reluctantly revoked all my personal 1024-bit
PGP keys and the large web-of-trust that these keys have acquired over
time.


And this is certainly the wrong thing to do.  Key revocations are not
the proper way to deal with algorithmic weaknesses.  Many people will
follow your advice and destroy large parts of the web of trust, and we
don't even know yet if there's a real threat (Bernstein himself said
so a few weeks ago, for example).

You don't revoke your keys just because someone can impersonate you,
using bugs in a widespread OpenPGP implementation, do you?

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Current thread:

1024-bit RSA keys in danger of compromise Lucky Green (Mar 25)
- Re: 1024-bit RSA keys in danger of compromise Len Sassaman (Mar 25)
- Re: 1024-bit RSA keys in danger of compromise Florian Weimer (Mar 28)
  - Re: 1024-bit RSA keys in danger of compromise Hugh Pierce (Mar 29)