AFS/Kerberos Workshop key signing

Russ Allbery rra at
Sat May 9 17:13:34 EDT 2009

For those of you who are coming to the 2009 AFS and Kerberos Best
Practices Workshop [1] who use PGP and who have an older key, you may
want to start thinking about generating a new PGP key in advance of the
workshop and then introducing it at a key signing there.

If you haven't been following the recent security news, a significant
new attack on SHA-1 was revealed at EuroCrypt this year, weakening its
protection against hash collisions to 2^52 from 2^63.  All 1024-bit DSA
GnuPG keys can only use a 160-bit hash, normally SHA-1.  You can set
your key preferences to use a different hash, but it still truncates to
160 bits.  See:

Also, SHA-1 and 1024-bit DSA is already not recommended for use after
2010 by the US government even before this attack.

So, if you have a 1024-bit DSA key or something older, it's probably
time to introduce a new key and be sure the key preferences are set to
use SHA-2 hashes.  I plan on going straight to 4096-bit RSA; I don't see
any reason not to.

It's a lot easier to introduce a new key at a conference where you can
immediately do a key signing, so this might be a good opportunity for a
lot of us.


Russ Allbery (rra at             <>

More information about the Kerberos mailing list