Policy For Sunsetting GPG Keys < 2048 Bits
Martin Pitt
martin.pitt at ubuntu.com
Thu Nov 27 09:08:40 UTC 2014
Mark Shuttleworth [2014-11-27 9:01 +0000]:
> Are any of the ECC algorithms widely trusted yet?
For a simple and short executive answer I'd say "yes".
TTBOMK there are no solutions to the ECC discrete logarithm which are
better than the usual exponential brute force; contrary to prime
factorization (for RSA) where more efficient algorithms are being
discovered every other year. Some NIST standard curves have a certain
"NSA influenced" smell, but some standards like ED25519 are generally
considered trusted.
However, while ssh has supported ECC for a while, ECC support in gnupg
is *very* new: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html
(from just three weeks ago!)
We also still use gnupg 1.x by default, so at some point we should
move to gnupg 2. But at this point I think we are still better off
with updating our GPG keys to 4096 bit RSA than waiting for this
transition.
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
More information about the Ubuntu-release
mailing list