[kwlug-disc] Using 4096-bit RSA for keysigning party (NOT defaults)

Chris Frey cdfrey at foursquare.net
Sat Sep 11 17:14:17 EDT 2010

On Sat, Sep 11, 2010 at 01:34:21PM -0400, Denver Gingerich wrote:
> Unfortunately, they might not be. ?On most distros released before
> about May 2009 (and probably more), the default GnuPG settings will
> give you a 1024-bit DSA key, which is quite vulnerable to attacks due
> to its reliance on SHA-1:

As another person in private has mentioned, I think considering
SHA-1 to be "quite vulnerable" to be overstating it.  When I first
heard of the SHA-1 issue, I was concerned too, but as far as I know
there have been no actual collisions found in the wild.  It has just
been proven that collisions will be easier to find than first thought.

> http://www.debian-administration.org/users/dkg/weblog/48
> As recommended in the above article, users should select RSA and I
> would personally recommend using the maximum key size of 4096 bits.
> So please do NOT use the defaults and instead choose 4096-bit RSA.
> This will give us a much stronger web of trust.

I would encourage anyone to use a larger key size if they choose.

The first key in the pair is used for signing, while the second one is
used for encryption.  The web of trust relies on the signing key.

Unfortunately, some versions of GPG don't make it easy to create a
signing key larger than 1024 bits.

For example, if you are using gpg 1.4.9, the defaults give you a 1024 bit
signing key and a 2048 bit encryption key.  I don't seen an option to
create an RSA/RSA pair, either.   On 1.4.10, the bit sizes seem to be
the same for both, defaulting to RSA for both keys, with 2048 bits.
And practically speaking, 2048 bits is pretty danged good. :-)

> > ? ? ?gpg --fingerprint dc6371d5
> > ? ? ?pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
> > ? ? ?Key fingerprint = 7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63
> > 71D5
> > ? ? ?uid Chris Frey (cube)
> > ? ? ?sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]
> I hate to break it to Chris, but his key is one of the potentially
> vulnerable. ?"pub 1024D" means 1024-bit DSA. ?I would especially
> recommend that Chris generate a new key before the meeting, being the
> keymaster and all.

I've had this key for a while now, so it might be worth changing anyhow.
I don't think it is worth a panic yet.  It is good you brought this up,
though, because my next key, whenever I do create it, should have
a larger key. :-)

Thanks for the heads-up!
- Chris

More information about the kwlug-disc mailing list