New GPG generated keys are 1024 bits

Bug #1240681 reported by vsespb on 2013-10-16
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Launchpad itself
High
William Grant

Bug Description

Recently I registered an account and started a PPA, new server-side key for binary packages was generated, and it's 1024bits. Isn't this too close to what can be cracked in (near) future?

Related branches

William Grant (wgrant) on 2013-11-29
Changed in launchpad:
importance: Undecided → High
status: New → Triaged
tags: added: precise-upgrade security
William Grant (wgrant) on 2014-03-11
Changed in launchpad:
assignee: nobody → William Grant (wgrant)
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant) on 2014-03-11
tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant) on 2014-03-12
Changed in launchpad:
status: Fix Committed → Fix Released
Andy Brody (abrody) wrote :

When I create a new PPA, it reuses the existing 1024-bit RSA key. IMO this issue is not really fixed since there is no obvious way for existing users to use signing keys with acceptable strength.

https://bugs.launchpad.net/launchpad/+bug/1700167

On Tue, May 29, 2018 at 02:02:03AM -0000, Andy Brody wrote:
> When I create a new PPA, it reuses the existing 1024-bit RSA key. IMO
> this issue is not really fixed since there is no obvious way for
> existing users to use signing keys with acceptable strength.
>
> https://bugs.launchpad.net/launchpad/+bug/1700167

That is indeed a problem, but given that that other bug exists there's
no need to reopen this one.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers