[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how to specify "trust no signatures over hash X from this key"?
On Wed, May 06, 2009 at 12:27:13AM +0200, Ian G wrote:
> The predictions of the end of the world are premature. Note that nobody
> has stolen money through an MD5 as yet, and nobody has stolen money
> because of an RSA-512, either.
Maybe, but people have stolen money because of "too small RSA"
keys. It was RSA-320, not RSA-512. According to my sources, yp to and
including in the year 2007 (I don't know when it was stopped or
whether it was). Because the debit card of the swiss PostFinance was
using RSA-320 for authentication. As was the whole debit / credit card
system in France until the early 21st century; it seems there were
cases of theft up to 2001 in France.