Security Officer PGP Key Type

From owner-freebsd-questions Fri Mar 3 10:55:57 2000 Delivered-To: freebsd-questions@freebsd.org Received: from ns1.pedcom.com (ns1.pedcom.com [207.212.209.253]) by hub.freebsd.org (Postfix) with SMTP id 6955237BFB9 for ; Fri, 3 Mar 2000 10:55:51 -0800 (PST) (envelope-from asickels@netsworkinc.com) Received: from CORPBDC1 by ns1.pedcom.com via smtpd (for hub.FreeBSD.ORG [204.216.27.18]) with SMTP; 3 Mar 2000 18:55:51 UT Received: by corpbdc1 with Internet Mail Service (5.5.2650.21) id <19S85QTJ>; Fri, 3 Mar 2000 10:55:38 -0800 Message-ID: From: Alan Sickels To: "'freebsd-questions@freebsd.org'" Subject: Security Officer PGP Key Type Date: Fri, 3 Mar 2000 10:56:50 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01BF8542.106F6F9C" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01BF8542.106F6F9C Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My apologies if this belongs in another list. I noticed the FreeBSD Security Officer is using an RSA key. According to the User's Guide for PGP 6.5, the only allowed message digest algorithim (used to sign messages) for RSA keys is MD5 (page 202). Also according to the documentation, "In 1996, MD5 was all but broken by a German cryptographer, Hans Dobbertin. Although MD5 was not completely broken at that time, it was discovered to have such serious weaknesses that no one should keep using it to generate signatures." (Page 203) In light of this information, shouldn't the key being used by the Security Officer be updated to one of the new DSS/Diffie-Hellman keys? -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBOMAKogadrv2mxWjBEQLXLACdFW7zwSR6BJ0f/NfYnODCP1bbOrQAoIuc ChaiLSPHzLfIf+eB8J+ilsLP =i8QF -----END PGP SIGNATURE----- ------_=_NextPart_001_01BF8542.106F6F9C Content-Type: text/html; charset="iso-8859-1" Security Officer PGP Key Type

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My apologies if this belongs in another list.

I noticed the FreeBSD Security Officer is using an RSA key. According
to the User's Guide for PGP 6.5, the only allowed message digest
algorithim (used to sign messages) for RSA keys is MD5 (page 202).
Also according to the documentation, "In 1996, MD5 was all but broken
by a German cryptographer, Hans Dobbertin. Although MD5 was not
completely broken at that time, it was discovered to have such
serious weaknesses that no one should keep using it to generate
signatures." (Page 203) In light of this information, shouldn't the
key being used by the Security Officer be updated to one of the new
DSS/Diffie-Hellman keys?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBOMAKogadrv2mxWjBEQLXLACdFW7zwSR6BJ0f/NfYnODCP1bbOrQAoIuc
ChaiLSPHzLfIf+eB8J+ilsLP
=i8QF
-----END PGP SIGNATURE-----

------_=_NextPart_001_01BF8542.106F6F9C-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message