Policy For Sunsetting GPG Keys < 2048 Bits

Martin Pitt martin.pitt at ubuntu.com
Thu Nov 27 09:08:40 UTC 2014

Mark Shuttleworth [2014-11-27  9:01 +0000]:
> Are any of the ECC algorithms widely trusted yet?

For a simple and short executive answer I'd say "yes".

TTBOMK there are no solutions to the ECC discrete logarithm which are
better than the usual exponential brute force; contrary to prime
factorization (for RSA) where more efficient algorithms are being
discovered every other year. Some NIST standard curves have a certain
"NSA influenced" smell, but some standards like ED25519 are generally
considered trusted.

However, while ssh has supported ECC for a while, ECC support in gnupg
is *very* new: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html
(from just three weeks ago!)

We also still use gnupg 1.x by default, so at some point we should
move to gnupg 2. But at this point I think we are still better off
with updating our GPG keys to 4096 bit RSA than waiting for this

Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

More information about the technical-board mailing list