GPG-key mania

Would all the paranoid crypto-users please stop flooding Planet Debian with GPG output?

And if you just cannot avoid it, please tag those posts meme, because that's what they are.

If you really think there's a need for a new key, you're one step ahead of me, because so far, there's only a theoretical attack and the valid question of whether this is actually something to worry about in the context of GPG (or in the context of Git, for that matter). There is no practical exploit out there, and I don't expect one that would endanger your use of GPG any time soon.

Of course, we ought to replace the current crypto infrastructure with a new one before the current one is compromised, but that should really be motivated by careful consideration and planning, not by lemming-like behaviour and the infamous tipping point.

I've long been meaning to clean up my key and may also switch to using a new one in the near future. However, I don't think there is an immediate need and I'll take time first to investigate the options — RSA is hardly free from problems or an optimal choice. For instance, why would I want to use an RSA key, which is limited in GPG to 4096 bit keys? Do we really want to deal with signatures that are 4-10 times longer than their DSA counterparts? When RSA is broken, will we see a replay of this whole key-replacing frenzy?

Wouldn't it make more sense to leverage the current situation and work on pushing/improving the DSA algorithm with larger keys, and to strive towards better algorithms in general, e.g. through SHA-3?

If you still need to replace your key, revoke the old one, point at the new one in the revocation reason, and please refrain from abusing feed aggregators to let the world know. If gpg cannot follow the trust chain after the revocation, please fix it.

In the mean time, it is a good idea to stop signing with SHA-1. With a 1024-bit DSA key, which GnuPG pairs with a 160-bit digest, that means RIPEMD160; keys that allow it can use the SHA-2 family. Put the following lines in ~/.gnupg/gpg.conf (SHA-2 first, then RIPEMD160, all ahead of SHA-1):

personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160
default-preference-list […] H10 H9 H8 H11 H3 […]

and to set the preferences on your key accordingly:

% gpg --edit-key $KEYID
> setpref […] H10 H9 H8 H11 H3 […]
> save
% gpg --send-keys $KEYID

Then check which digest is actually used when you sign; with a 1024-bit DSA key the Hash: header should now read RIPEMD160, with an RSA key or a larger DSA key one of the SHA-2 digests:

% gpg --clearsign -a </dev/null | grep '^Hash:'
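Why the grep above turns up RIPEMD160 on a typical Debian key even though SHA512 heads the preference list is worth seeing spelled out. The following POSIX shell script is an added example, not code from the original post or from GnuPG: it models which digest GnuPG ends up using for a given signing key and preference list, and checks the Hash: armor header of a clearsigned message the way the one-liner above does. The selection rule it encodes is a simplification and is stated as an assumption in the comments: RSA keys take the first listed digest; a DSA signature's digest must be at least as long as the group order q (RFC 4880), and for a legacy 1024-bit DSA key GnuPG 1.4 without --enable-dsa2 insists on exactly 160 bits, so the SHA-2 entries are skipped. The sample clearsigned message is constructed and carries no real signature.

```shell
#!/bin/sh
# Added example, not code from the original post or from GnuPG.
# Models which digest GnuPG ends up using for a signature, given the
# signing key and a personal-digest-preferences list, and checks the
# "Hash:" armor header of a clearsigned message.
#
# Assumed selection rule (a simplification of GnuPG's behaviour):
#  - --digest-algo, if set, overrides everything (not modelled here);
#  - RSA keys: the first digest in the preference list;
#  - DSA keys: the digest must be at least as long as q (RFC 4880,
#    sec. 5.2.2); for a legacy 1024-bit key (q = 160 bits) GnuPG 1.4
#    without --enable-dsa2 insists on exactly 160 bits, so the SHA-2
#    entries are skipped and RIPEMD160 (or SHA1) is chosen.

# RFC 4880 section 9.4 hash algorithm IDs, the numbers behind the
# H-notation in gpg.conf: id, name, output length in bits.
hash_table() {
    cat <<'EOF'
1 MD5 128
2 SHA1 160
3 RIPEMD160 160
8 SHA256 256
9 SHA384 384
10 SHA512 512
11 SHA224 224
EOF
}

# Resolve "H10", "10" or "SHA512" to a name / an output length.
hash_name() {
    hash_table | awk -v id="${1#H}" '$1 == id || $2 == id { print $2; exit }'
}
hash_bits() {
    hash_table | awk -v id="${1#H}" '$1 == id || $2 == id { print $3; exit }'
}

# pick_digest KEYALGO QBITS DSA2 PREF...
#   KEYALGO  RSA or DSA
#   QBITS    bit length of the DSA group order q (ignored for RSA)
#   DSA2     1 if truncation of longer hashes is allowed (--enable-dsa2)
# Prints the digest name GnuPG would pick, or NONE when nothing in the
# list is usable (gpg then refuses to sign).
pick_digest() {
    _algo=$1; _q=$2; _dsa2=$3; shift 3
    for _p in "$@"; do
        _name=$(hash_name "$_p"); _bits=$(hash_bits "$_p")
        [ -n "$_name" ] || continue            # unknown id: skip it
        case $_algo in
        RSA)
            echo "$_name"; return 0 ;;
        DSA)
            if [ "$_q" -ne 160 ] || [ "$_dsa2" -eq 1 ]; then
                if [ "$_bits" -ge "$_q" ]; then echo "$_name"; return 0; fi
            else
                if [ "$_bits" -eq "$_q" ]; then echo "$_name"; return 0; fi
            fi ;;
        esac
    done
    echo NONE
}

# check_hash_header: read a clearsigned message on stdin, print the
# digest(s) named in its Hash: header and fail if SHA1 or MD5 is among
# them.  Several keys signing at once give a comma separated list.
check_hash_header() {
    _h=$(sed -n 's/^Hash: *//p' | head -n 1)
    if [ -z "$_h" ]; then echo NONE; return 1; fi
    echo "$_h"
    for _a in $(printf '%s\n' "$_h" | tr ',' ' '); do
        case $_a in SHA1|MD5) return 1 ;; esac
    done
    return 0
}

# Constructed sample of a clearsigned message; only the armor header
# matters here, the signature block is a placeholder, not a real one.
SAMPLE_CLEARSIGNED='-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

test
-----BEGIN PGP SIGNATURE-----

<signature packet omitted>
-----END PGP SIGNATURE-----'

# The preference list from the post, with SHA1 (H2) appended as last resort.
PREFS="H10 H9 H8 H11 H3 H2"
echo "DSA-1024, q=160, no --enable-dsa2: $(pick_digest DSA 160 0 $PREFS)"   # RIPEMD160
echo "DSA-1024, q=160, --enable-dsa2:    $(pick_digest DSA 160 1 $PREFS)"   # SHA512 (truncated)
echo "DSA-2048, q=224:                   $(pick_digest DSA 224 0 $PREFS)"   # SHA512
echo "RSA:                               $(pick_digest RSA 0 0 $PREFS)"     # SHA512
echo "DSA-1024 with only SHA-2 listed:   $(pick_digest DSA 160 0 H10 H8)"   # NONE
printf '%s\n' "$SAMPLE_CLEARSIGNED" | check_hash_header                        # RIPEMD160
```

The last case is the one to watch: a preference list that drops RIPEMD160 along with SHA-1 leaves a 1024-bit DSA key with nothing to sign with. The gpg --clearsign check above remains the authoritative test of what your installed GnuPG actually does; the script only explains the result.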

I'll end with a link to a decent write-up on the cryptographic basics of GPG.