Should strong RSA key with SHA1 self-signature in public key to be considered weak?

catpnosis

12/27/22, 6:53 AM

Older RSA-4096 GPG keys generated when SHA1 still thought to be acceptable have public key self-signed with SHA1. Shall this considered to be weak key? And with what arguments? AFAIK, GPG key ids are still use SHA1. So, maybe this is not major issue either, because other party will have full public key anyway.

0 + 0

rsa

signature

pgp

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Should strong RSA key with SHA1 self-signature in public key to be considered weak?

TH: คีย์ RSA ที่แข็งแกร่งพร้อมลายเซ็นตนเอง SHA1 ในคีย์สาธารณะควรถือว่าอ่อนแอหรือไม่

RO: Cheia RSA puternică cu autosemnătura SHA1 în cheie publică ar trebui să fie considerată slabă?

RU: Должен ли надежный ключ RSA с самоподписью SHA1 в открытом ключе считаться слабым?

VI: Khóa RSA mạnh có chữ ký tự SHA1 trong khóa chung có bị coi là yếu không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.