On Tue, Feb 25, 2014 at 02:34:01AM +0000, Marco d'Itri wrote: > enrico@enricozini.org wrote: > > >It also took me a long while to switch because I didn't understand that > >it was already this urgent, > Because unless you are paranoid, then it is not. > If anybody disagrees then please describe a credible threat model in > which: > - an entity would want to have access to the key of a DD, and > - would find brute forcing a 1024 bit key more practical than > stealing it or coercing a developer to disclose it. There's also the hash algorithm issue, which could lead to signature collision attacks (wether in data signing or in key signing). Regards, -- Yves-Alexis Perez
Attachment:
signature.asc
Description: Digital signature