[OpenAFS] AFS/Kerberos Workshop key signing

Russ Allbery rra@stanford.edu
Sat, 09 May 2009 14:13:34 -0700


For those of you who are coming to the 2009 AFS and Kerberos Best
Practices Workshop [1] who use PGP and who have an older key, you may
want to start thinking about generating a new PGP key in advance of the
workshop and then introducing it at a key signing there.

If you haven't been following the recent security news, a significant
new attack on SHA-1 was revealed at EuroCrypt this year, weakening its
protection against hash collisions to 2^52 from 2^63.  All 1024-bit DSA
GnuPG keys can only use a 160-bit hash, normally SHA-1.  You can set
your key preferences to use a different hash, but it still truncates to
160 bits.  See:

    http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
    http://www.debian-administration.org/users/dkg/weblog/48
    http://johans.dreamwidth.org/3744.html

Also, SHA-1 and 1024-bit DSA are already not recommended for use after
2010 by the US government even before this attack.

So, if you have a 1024-bit DSA key or something older, it's probably
time to introduce a new key and be sure the key preferences are set to
use SHA-2 hashes.  I plan on going straight to 4096-bit RSA; I don't see
any reason not to.

It's a lot easier to introduce a new key at a conference where you can
immediately do a key signing, so this might be a good opportunity for a
lot of us.

[1] http://workshop.openafs.org/afsbpw09/index.html

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
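
One way to find the keys the message is about, as an added example that is not part of the original message: it filters GnuPG's `--with-colons` key listing for DSA keys (public-key algorithm id 17) of 1024 bits or less. The function names, the `--keyring` switch and the sample listing with its key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keys that can only sign over a 160-bit hash,
# i.e. DSA (algorithm id 17) keys of 1024 bits or less.
# Input is `gpg --list-keys --with-colons` output on stdin.
# Colon-format fields used: 1=record type, 3=key length,
# 4=public-key algorithm id, 5=key ID.
flag_dsa1024() {
    awk -F: '
        ($1 == "pub" || $1 == "sub") && $4 == 17 && $3 + 0 <= 1024 {
            printf "%s %s DSA-%s\n", $1, $5, $3
        }'
}

# Constructed sample listing: key IDs, dates and user ID are made up.
#   AAAA...  1024-bit DSA primary key      -> should be reported
#   BBBB...  2048-bit Elgamal subkey (16)  -> encryption only, ignored
#   CCCC...  4096-bit RSA primary key (1)  -> fine
#   EEEE...  3072-bit DSA primary key      -> larger q, not limited to 160 bits
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1044057600:::u:::scESC:
uid:u::::1044057600::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1044057600::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1241827200:::u:::scESC:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1241827200::::::e:
pub:u:3072:17:EEEEEEEEEEEEEEEE:1241827200:::u:::scESC:
EOF
}

# Run against the real keyring only when asked to; otherwise the file
# just defines the functions above.
if [ "${1:-}" = "--keyring" ]; then
    gpg --list-keys --with-colons | flag_dsa1024
fi
```

`sample_listing | flag_dsa1024` reports only the 1024-bit DSA primary key; any key reported from a real keyring is a candidate for replacement at the key signing.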