As you may have seen around the Internet, there was a
fairly significant break in the SHA-1 hash function, which is used
by default in GnuPG. This is worrisome, since GPG/PGP signatures are
one of the only things I'd actually trust to verify somebody's identity
online. So I've generated a new key with a 2048-bit RSA primary (for
SHA256 and SHA512 support) and a 4096-bit ElGamal encrypting key (which
took about 15 minutes to generate, so better be worth it). The key ID is
CB8AA0FF, and the fingerprint is
5C35 D713 3E10 9A19 FFFC F58A 68E8 3B57 CB8A A0FF. I've already gone
ahead and signed the appropriate keys with it, and I'll be revoking the
old key in a couple of months.
Oh, I suppose I should put in an actual link to the new key. Here's my key transition statement, and here's the new key itself.