[OpenAFS] AFS/Kerberos Workshop key signing

Russ Allbery rra@stanford.edu
Sat, 09 May 2009 14:13:34 -0700

For those of you who are coming to the 2009 AFS and Kerberos Best
Practices Workshop [1] who use PGP and who have an older key, you may
want to start thinking about generating a new PGP key in advance of the
workshop and then introducing it at a key signing there.

If you haven't been following the recent security news, a significant
new attack on SHA-1 was revealed at EuroCrypt this year, weakening its
protection against hash collisions to 2^52 from 2^63.  All 1024-bit DSA
GnuPG keys can only use a 160-bit hash, normally SHA-1.  You can set
your key preferences to use a different hash, but it still truncates to
160 bits.  See:


Also, SHA-1 and 1024-bit DSA are already not recommended for use after
2010 by the US government, even before this attack.

So, if you have a 1024-bit DSA key or something older, it's probably
time to introduce a new key and be sure the key preferences are set to
use SHA-2 hashes.  I plan on going straight to 4096-bit RSA; I don't see
any reason not to.

It's a lot easier to introduce a new key at a conference where you can
immediately do a key signing, so this might be a good opportunity for a
lot of us.

[1] http://workshop.openafs.org/afsbpw09/index.html

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
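The following is an added example, not part of Russ's post and not code from GnuPG or OpenAFS. It shows the two practical steps the post implies: auditing a keyring for 1024-bit DSA (or otherwise short) primary keys, and putting the SHA-2 hash preferences into gpg.conf before generating the replacement key. The colon-format keyring listing embedded in it is constructed for the example, and the 2048-bit "too short" threshold is this example's assumption, not something the post states.

```shell
#!/bin/sh
# Added example (not part of the original post or of GnuPG itself).
# Two helpers for the migration the post recommends:
#   1. find_weak_keys: audit a keyring listing for primary keys that are
#      1024-bit DSA (limited to a 160-bit hash) or shorter than 2048 bits.
#   2. write_sha2_prefs: add the gpg.conf settings that make a new key, and
#      your own signatures, use SHA-2 hashes.
# The sample listing below is constructed; the 2048-bit threshold is this
# example's policy, not something the post states.

# Read `gpg --list-keys --with-colons` output on stdin and print the key ID
# of every weak primary key.  In the colon format, field 1 is the record
# type, field 3 the key length in bits, field 4 the public-key algorithm
# (1 = RSA, 17 = DSA) and field 5 the key ID.  Exit 0 if any were found,
# 1 otherwise.
find_weak_keys() {
    awk -F: '
        $1 == "pub" && (($4 == 17 && $3 <= 1024) || $3 < 2048) {
            print $5
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Append the hash-preference options to the gpg.conf given as $1 unless they
# are already present.  personal-digest-preferences and cert-digest-algo
# control the hash used for your own data signatures and key signatures;
# default-preference-list is copied into the self-signature of any key you
# generate afterwards (for an existing key use "setpref" in gpg --edit-key).
write_sha2_prefs() {
    conf="$1"
    grep -q '^personal-digest-preferences' "$conf" 2>/dev/null && return 0
    cat >> "$conf" <<'EOF'
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
EOF
}

# Constructed sample listing: one old 1024-bit DSA key with an ElGamal
# encryption subkey, and one new 4096-bit RSA key.
SAMPLE_LISTING='tru::1:1241900000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2001-01-01::u:::scESC:
uid:u::::2001-01-01::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:16:FEDCBA9876543210:2001-01-01::::::e:
pub:u:4096:1:1111222233334444:2009-05-09::u:::scESC:
uid:u::::2009-05-09::1111111111111111111111111111111111111111::Example User <user@example.org>:
sub:u:4096:1:5555666677778888:2009-05-09::::::e:'

# Stand-alone use: audit the real keyring, then fix up gpg.conf.  Guarded
# behind --run so sourcing the file does not touch your GnuPG setup.
if [ "${1:-}" = "--run" ]; then
    gpg --list-keys --with-colons | find_weak_keys \
        && echo "weak primary keys listed above: time to introduce a new key"
    write_sha2_prefs "${GNUPGHOME:-$HOME/.gnupg}/gpg.conf"
fi
```

After the preferences are in gpg.conf, generate the new key with `gpg --gen-key` (choosing RSA for both the signing and encryption keys and a 4096-bit size) so its self-signature carries the SHA-2 preferences, then export the public key and bring its fingerprint to the key signing. For a key you already have, `gpg --edit-key KEYID`, then `setpref` with the same list and `save`, updates the self-signature instead.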