HOW to upgrade: 2.0.22 --> 2.3.3 ???
Bruce Walzer
bwalzer at 59.ca
Fri Oct 4 14:23:06 CEST 2024
On Fri, Oct 04, 2024 at 03:47:50AM -0400, Robert J. Hansen via Gnupg-users wrote:
> > to skip PGP-2 keys in existing keyrings. And of course the PGP-2
> > encryption has not been broken - only signatures are vulnerable to the
> > full MD5 hash algorithm attacks we know for 25 years.
>
> Given that PGP 2.6 offered "military-grade" 1k RSA keys, I think it's
> dangerous to think PGP 2.6 encryption is safe.
>
> 1k RSA is conjectured to require resolving about 80 bits of entropy.
There is more to factoring RSA numbers than just compute ability. You
need a large amount of memory (100s of Gb in the 1024 bit case)
tightly coupled to a lot of processing power to do the matrix
reduction phase of the number field sieve algorithm used. That's not
the sort of thing that is normally available commercially, rentable on
a yearly basis. Even if you just consider compute costs, you are
looking at price tag in the billions of dollars range[1].
A nation state with the ability to crack 1024 bit RSA would not spend
years and billions of dollars on the messages/files of a single
entity. They would be able to get the information they wanted for much
less. So for current OpenPGP usage, 1024 bit RSA is for all practical
purposes secure.
[1]https://crypto.stackexchange.com/questions/109810/how-could-a-1024-bits-rsa-modulus-be-most-economically-factored-within-months-to
Bruce
More information about the Gnupg-users
mailing list