HOW to upgrade: 2.0.22 --> 2.3.3 ???

Robert J. Hansen rjh at sixdemonbag.org
Fri Oct 4 09:47:50 CEST 2024


> to skip PGP-2 keys in existing keyrings.  And of course the PGP-2
> encryption has not been broken - only signatures are vulnerable to the
> full MD5 hash algorithm attacks we know for 25 years.

Given that PGP 2.6 offered "military-grade" 1k RSA keys, I think it's 
dangerous to think PGP 2.6 encryption is safe.

1k RSA is conjectured to require resolving about 80 bits of entropy. 
Sixteen years ago (I think) a group of hobbyists broke RC5-64.  An 
equivalent project today would likely be able to threaten RC5-72.  An 
equivalent project spun up on an Amazon computing cloud would get 
terrifyingly close to resolving 80 bits of entropy.

And that's for a hobbyist project run on a commercial cloud provider. 
It seems reasonable to think that as budgets rise, so too does the risk.

PGP 2.6, particularly its defaults, is simply too old and generates keys 
that are too small to effectively protect against today's threats.  I'm 
all in favor of keeping the decryption capability around for archival 
reasons, but really, can we _please_ stop using PGP 2.6 since it's now a 
quarter-century since the first commercial release of PGP 5 and the much 
superior RFC2440 standard?
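As an added illustration of the "80 bits" estimate above and of the keyring check the thread is circling around (this is example code, not part of Robert's message or of GnuPG itself): the first function maps an RSA modulus size to symmetric-equivalent work using the GNFS L[1/3, (64/9)^(1/3)] heuristic, anchored so that RSA-1024 comes out at the 80 bits the post cites; the second scans `gpg --list-keys --with-colons` output for RSA/DSA/Elgamal keys below a chosen size. The sample colon output and its key IDs are constructed for the example.

```python
import math

def rsa_strength_bits(modulus_bits: int) -> float:
    """Approximate symmetric-equivalent security of an RSA modulus.

    Uses the GNFS asymptotic cost L[1/3, (64/9)^(1/3)] and calibrates it so
    that a 1024-bit modulus maps to 80 bits, the figure quoted in the post.
    This is a rough estimate, not a measured factoring cost.
    """
    def gnfs_log2_work(bits: int) -> float:
        ln_n = bits * math.log(2)
        return ((64 / 9) ** (1 / 3) * ln_n ** (1 / 3)
                * math.log(ln_n) ** (2 / 3) / math.log(2))
    return 80.0 + gnfs_log2_work(modulus_bits) - gnfs_log2_work(1024)

# OpenPGP public-key algorithm ids as printed in gpg's --with-colons output.
FACTORING_OR_DLOG_ALGOS = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal", 17: "DSA"}

def weak_keys(colon_lines, min_bits: int = 2048):
    """Return (keyid, algo, bits) for every pub/sub record whose RSA/DSA/Elgamal
    key is smaller than `min_bits`. Field 2 is the key length, field 3 the
    algorithm id and field 4 the key id in --with-colons records."""
    found = []
    for line in colon_lines:
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue
        bits, algo, keyid = int(fields[2]), int(fields[3]), fields[4]
        if algo in FACTORING_OR_DLOG_ALGOS and bits < min_bits:
            found.append((keyid, FACTORING_OR_DLOG_ALGOS[algo], bits))
    return found

# Constructed sample of `gpg --list-keys --with-colons` output; key ids are placeholders.
SAMPLE = """tru::1:1700000000:0:3:1:5
pub:u:1024:1:0000000000000001:1000000000:::u:::scESC::::::23::0:
uid:u::::1000000000::HASH::Old PGP 2.6 style key <old@example.invalid>::::::::::0:
pub:u:4096:1:0000000000000002:1600000000:::u:::scESC::::::23::0:
sub:u:4096:1:0000000000000003:1600000000::::::e::::::23:
pub:u:255:22:0000000000000004:1700000000:::u:::scESC::::::23::0:
""".splitlines()

if __name__ == "__main__":
    for bits in (512, 1024, 2048, 3072):
        print(f"RSA-{bits}: ~{rsa_strength_bits(bits):.0f} bits of symmetric-equivalent work")
    for keyid, algo, bits in weak_keys(SAMPLE):
        print(f"below threshold: {algo}-{bits} key {keyid}")
```

On a real keyring, pipe `gpg --list-keys --with-colons` into `weak_keys` line by line; the 255-bit algorithm-22 (EdDSA) record in the sample is deliberately left alone because its size is not comparable to RSA sizes.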
