Date: Fri, 3 Mar 2000 10:56:50 -0800 From: Alan Sickels <asickels@netsworkinc.com> To: "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: Security Officer PGP Key Type Message-ID: <AB1BB6080088D3118345006097BEB7A409DC6D@fataex01.microsource.net>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01BF8542.106F6F9C Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My apologies if this belongs in another list. I noticed the FreeBSD Security Officer is using an RSA key. According to the User's Guide for PGP 6.5, the only allowed message digest algorithim (used to sign messages) for RSA keys is MD5 (page 202). Also according to the documentation, "In 1996, MD5 was all but broken by a German cryptographer, Hans Dobbertin. Although MD5 was not completely broken at that time, it was discovered to have such serious weaknesses that no one should keep using it to generate signatures." (Page 203) In light of this information, shouldn't the key being used by the Security Officer be updated to one of the new DSS/Diffie-Hellman keys? -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBOMAKogadrv2mxWjBEQLXLACdFW7zwSR6BJ0f/NfYnODCP1bbOrQAoIuc ChaiLSPHzLfIf+eB8J+ilsLP =i8QF -----END PGP SIGNATURE----- ------_=_NextPart_001_01BF8542.106F6F9C Content-Type: text/html; charset="iso-8859-1" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2650.12"> <TITLE>Security Officer PGP Key Type</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>-----BEGIN PGP SIGNED MESSAGE-----</FONT> <BR><FONT SIZE=2>Hash: SHA1</FONT> </P> <P><FONT SIZE=2>My apologies if this belongs in another list.</FONT> </P> <P><FONT SIZE=2>I noticed the FreeBSD Security Officer is using an RSA key. According</FONT> <BR><FONT SIZE=2>to the User's Guide for PGP 6.5, the only allowed message digest</FONT> <BR><FONT SIZE=2>algorithim (used to sign messages) for RSA keys is MD5 (page 202).</FONT> <BR><FONT SIZE=2>Also according to the documentation, "In 1996, MD5 was all but broken</FONT> <BR><FONT SIZE=2>by a German cryptographer, Hans Dobbertin. Although MD5 was not</FONT> <BR><FONT SIZE=2>completely broken at that time, it was discovered to have such</FONT> <BR><FONT SIZE=2>serious weaknesses that no one should keep using it to generate</FONT> <BR><FONT SIZE=2>signatures." (Page 203) In light of this information, shouldn't the</FONT> <BR><FONT SIZE=2>key being used by the Security Officer be updated to one of the new</FONT> <BR><FONT SIZE=2>DSS/Diffie-Hellman keys?</FONT> </P> <P><FONT SIZE=2>-----BEGIN PGP SIGNATURE-----</FONT> <BR><FONT SIZE=2>Version: PGP Personal Privacy 6.5.3</FONT> </P> <P><FONT SIZE=2>iQA/AwUBOMAKogadrv2mxWjBEQLXLACdFW7zwSR6BJ0f/NfYnODCP1bbOrQAoIuc</FONT> <BR><FONT SIZE=2>ChaiLSPHzLfIf+eB8J+ilsLP</FONT> <BR><FONT SIZE=2>=i8QF</FONT> <BR><FONT SIZE=2>-----END PGP SIGNATURE-----</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01BF8542.106F6F9C-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AB1BB6080088D3118345006097BEB7A409DC6D>