Open AgentOak opened 4 years ago
Any plans to move to a secure key yet?
We will shortly update to a lengthier key. Thanks for your collaboration!
Get on this @polmr. This should have been done by Oct. 6th 2021. You workin' with nation states bro?
The Debian APT repository that gets automatically added to your system when installing the mega-cmd deb package is signed using an RSA1024 key.
NIST recommendations disallowed the use of RSA1024 after 2010 and even RSA2048 keys are only permitted until 2030. Support for insecure 1024 bit keys was removed from browsers in 2014 already.
It is speculated that state-backed attackers may have the ability to crack 1024-bit keys (publicly, an 829-bit key has been cracked so far), which would allow them to install malicious software on affected systems.
To protect against man-in-the-middle attacks now and in the future, the key should be exchanged for a 3072+ bit key as soon as possible. Debian's own repositories use RSA4096 keys exclusively.
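A check for the condition this issue describes, as an added example that is not part of the original issue or of the project's code: it reads GnuPG's `--with-colons` key listing and reports RSA or DSA keys below a minimum size. The function names, the sample listing and the keyring directories in the usage comment are assumptions; the key IDs are constructed.

```shell
#!/bin/sh
# Flag RSA/DSA keys shorter than a minimum size in a GnuPG --with-colons
# listing read from stdin.
# Record fields used: 1 = record type (pub/sub), 3 = key length in bits,
# 4 = public-key algorithm id, 5 = key id.
# Algorithm ids 1, 2, 3 are RSA and 17 is DSA. ECC keys (18, 19, 22) are
# skipped because their bit lengths are not comparable to RSA sizes.
weak_keys() {
    min_bits="${1:-3072}"   # default threshold: the 3072-bit floor asked for above
    awk -F: -v min="$min_bits" '
        ($1 == "pub" || $1 == "sub") &&
        ($4 == 1 || $4 == 2 || $4 == 3 || $4 == 17) &&
        $3 + 0 < min {
            printf "%s %s algo=%s bits=%s\n", $1, $5, $4, $3
        }'
}

# Constructed sample listing (not real keys): a 1024-bit RSA primary key,
# a 4096-bit RSA key with a 2048-bit subkey, and an Ed25519 key.
sample_listing() {
    cat <<'EOF'
pub:-:1024:1:AAAAAAAAAAAA0001:1300000000:::-:::scESC:
uid:-::::1300000000::0000000000000000000000000000000000000000::Example Repo A:
pub:-:4096:1:BBBBBBBBBBBB0002:1500000000:::-:::scSC:
sub:-:2048:1:CCCCCCCCCCCC0003:1500000000::::::e:
pub:-:255:22:DDDDDDDDDDDD0004:1600000000:::-:::scSC:
EOF
}

# Run against the constructed sample so the script works offline.
sample_listing | weak_keys 3072

# On a Debian-style system (assumed keyring locations), per keyring file:
#   for f in /etc/apt/trusted.gpg.d/*.gpg /usr/share/keyrings/*.gpg; do
#       gpg --show-keys --with-colons "$f" | weak_keys 3072
#   done
```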