
PGP Sign downloads

Open anonymous11486 opened this issue 12 years ago • 2 comments

Hi,

I noticed on your old issue tracker https://code.google.com/p/torchat/issues/detail?id=110 there was a request to PGP-sign downloads.

Given the nature of this software and the incentive an adversary might have in distributing tampered copies.

If you do decide to sign these downloads, using the below key is not recommended:

pub 1024D/3945A21D 2007-10-04 [expires: 2012-12-21]
uid Bernd Kreuss [email protected]
uid Bernd Kreuss [email protected]
uid Bernd Kreuss [email protected]
uid [jpeg image of size 8534]
sub 4096g/68BE2E6D 2007-10-04 [expires: 2012-12-21]

As I believe there's a weakness with 1024-bit DSA keys. http://keyring.debian.org/creating-key.html and http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/

At the time of opening this bug, 1024-bit DSA keys are no longer the default in GPG (despite what the above link says). Perhaps you'd like to update to a shiny 4096-bit RSA/RSA key.

anonymous11486, Feb 15 '12 09:02
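
As an added example (not part of the original issue or of TorChat's code): a Python audit of the legacy GnuPG key listing quoted above, flagging keys that fall below a size floor or are past their expiry date. The 2048-bit floor, the function name `audit_listing` and the second sample key are assumptions made for this example.

```python
import re
from datetime import date

# Legacy GnuPG listing line: "pub 1024D/3945A21D 2007-10-04 [expires: 2012-12-21]"
KEY_LINE = re.compile(
    r"^(?P<kind>pub|sub)\s+(?P<bits>\d+)(?P<algo>[A-Za-z])/(?P<keyid>[0-9A-F]{8,16})"
    r"\s+(?P<created>\d{4}-\d{2}-\d{2})"
    r"(?:\s+\[expires:\s*(?P<expires>\d{4}-\d{2}-\d{2})\])?"
)
ALGOS = {"R": "RSA", "D": "DSA", "g": "ElGamal", "G": "ElGamal"}
MIN_BITS = 2048  # assumed policy floor, not a value from the issue


def audit_listing(text, today):
    """Return {key_id: [problems]} for every pub/sub line in a key listing."""
    report = {}
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # uid lines and anything else carry no key parameters
        bits = int(m["bits"])
        algo = ALGOS.get(m["algo"], "unknown-algorithm")
        problems = []
        if bits < MIN_BITS:
            problems.append(f"{bits}-bit {algo} below {MIN_BITS}-bit floor")
        if m["expires"] and date.fromisoformat(m["expires"]) < today:
            problems.append(f"expired on {m['expires']}")
        report[m["keyid"]] = problems
    return report


# The key quoted in the issue, one record per line (addresses redacted as on the page).
ISSUE_KEY = """\
pub 1024D/3945A21D 2007-10-04 [expires: 2012-12-21]
uid Bernd Kreuss [email protected]
sub 4096g/68BE2E6D 2007-10-04 [expires: 2012-12-21]
"""
# Constructed sample: the key ID is a placeholder, not a real key.
CONSTRUCTED_KEY = "pub 4096R/0123ABCD 2012-02-15\n"

if __name__ == "__main__":
    for label, day in (("issue opened", date(2012, 2, 15)), ("after expiry", date(2013, 1, 1))):
        print(label, audit_listing(ISSUE_KEY + CONSTRUCTED_KEY, day))
```

The same check applies to a release-signing key before its signatures are trusted: an undersized or expired primary key is reported even when the subkey is large.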

Why not?

abvgdeyoj, Jul 30 '12 20:07

That would be good.

adrelanos, Sep 30 '12 20:09