Transitioning to a 4096-bit RSA OpenPGP key

I created a new GnuPG key two months ago (see key ID 0x4A456FBA). Now is a good a time as any to publicly announce it. Information for the key:

pub   4096R/4A456FBA 2009-05-08 [expires: 2015-01-01]
      Key fingerprint = E95D 7465 5B35 C5F6 B3B6  68CC 20C6 F0A6 4A45 6FBA
uid                  Samat K Jain 
uid                  Samat K Jain 
uid                  Samat K Jain 
uid                  Samat K Jain 
sub   4096R/8D18D72F 2009-05-15 [expires: 2015-01-01]

All this information (as well as the downloadable public key itself) is available on my CryptoKeys wiki page.

The new key uses 4096-bit RSA keys for both digital signatures and encryption. The change is prompted by questions regarding SHA-1’s viability, detailed by Daniel Gillmore. The concern is not new, as Bruce Schneier reported SHA-1 weaknesses back in 2005. The concerns have simply become worse, and they’re likely to become worse. So much so that the US government’s NIST has recommended the phasing out of SHA-1 by the end of 2010. GnuPG’s maintainers don’t trust SHA-1 either, as upstream GnuPG now defaults to RSA as well.

In this space was a paragraph (or four) describing a little bit more in detail the interaction between encryption algorithms (e.g. RSA, DSA), encryption keys, and hash algorithms (e.g. SHA-1/SHA-160, SHA-512), etc. But as an end-user, I don’t care, and I don’t think other end users need to care either. With encryption, I follow the mantra: use the defaults; more than likely you don’t have a clue what you’re doing if you stray. If you use OpenPGP and use an older DSA-based key (2048-bit RSA is safe), keep in mind there may be issues soon regarding it’s security, and you should switch to DSA-2 or RSA (the new default) instead.

Since SHA-1 hasn’t actually been broken yet, I’ve decided to set an expiration date on my old key (0x1A1993D3), rather than outright revoke it.


Microsoft's Hyper-V contribution is not outside their agenda

If you pay attention to Linux-related news, you may have heard that Microsoft has contributed code adding Hyper-V acceleration to the Linux kernel. This event is not something that falls outside of their corporate agenda (whether it falls out of their strategy, I’ll let Steve Balmer voice).

Hyper-V is Microsoft’s hypervisor, included with the server editions of Windows (somewhat similar to VMware Workstation or Sun’s VirtualBox). It lets you run other guest operating systems within the currently running one (called the host OS). Typically, virtualizing guest OSes is slow. To improve performance, rather than virtualizing everything, special drivers and software can be installed into the guest OS to make certain things faster (such as graphics, disk I/O, etc).

The popular Linux hypervisors (Xen, KVM, etc) don’t have special drivers like these for Windows, so they won’t be able to run Windows particularly quickly. With Microsoft’s contribution, Linux now will ship with built-in acceleration for Microsoft’s hypervisor, making Linux run that much faster. If you were an IT shop that simultaneously needed to maximize performance and run both Linux and Windows, would you:

  1. Run an open-source Linux hypervisor, and virtualize Windows (slow)
  2. Run Microsoft’s hypervisor, included with expensive Windows Server licenses, and virtualize Linux (fast)

The answer’s clear. Microsoft’s kernel contribution brings them good PR and satisfies real-world customer demands, while continuing to promote their agenda to make running Windows seem like the best choice. Smart move!

Deciphering Intel's new X25-M G2 SSD

My laptop hard disk is beginning to die. In what seems like perfect timing, Intel has released a refresh of their X25-M solid state disk (SSD) lineup (via Engadget and Ars Technica). The new models offer much over the old ones:

  • Manufactured on a 35 nm vs 50 nm process
  • Faster seek times, both read and write, leading to more I/O operations per second (IOPS)
  • Significantly less expensive (Cited as a 60% price drop, though that’s comparing at-introduction MSRPs. It’s still at least 25% less.)
  • Greater shock tolerance (1500 G vs 1000 G)
  • Future TRIM command support, via firmware upgrade. The ATA TRIM command mitigates SSD fragmentation problems that have been the cause of many performance issues.

While die shrinks usually lead to parts that consume less power, the new X25-M uses the same amount of power when active (150 mW), and actually more power when idle (75 mW vs 60 mW). Still, it’s significantly less power than most laptop hard disk drives (my Hitachi 7K200 idles at 800 mW). [Source: Intel’s technical specifications]

Of course, with all these changes, Intel decided to name the drives the same as the old ones, making it difficult for people who want to buy one right now to know what device they’re actually getting.

This kind of inane marketing isn’t new, with the most infamous example on my mind being the Linksys WRT54G. Linksys (so far) as made 6 different revisions of the exact same model, drastically changing the internal hardware throughout the revisions. While most people don’t care, a few did, such as those in the modder community (like myself) who wanted to run modified firmwares. Purchasing anything took a lot of research on the part of the buyer. Manufacturers really should be in the business of making their products easier to buy, not more difficult.

Fortunately, I’ve done the research for you: the new Intel SSDs do have slightly different part numbers, so you can tell the old parts from the new. For example, the old X25-M 80 GB disk has a part number of SSDSA2MH080G1C1, while the newer model has a part number of SSDSA2MH080G201. That is, the part numbers contain either a “G1” or a “G2” corresponding to the revision.

With the glowing positive reviews for the X25-M since it’s introduction a few months ago, its new lower price, and most importantly, the failure of my current laptop disk, I’m going to pick up one of these drives within a week.

Monospaced font for the Firefox AwesomeBar

In the shadow of my Flickr userstyle that adds black borders around photos, is another more simple one. Now on, Use a monospaced font for the AwesomeBar (aka the URL bar, URL field, etc).

This isn’t that original or clever, as it’s actually included in userChrome-example.css contained in most older Firefox user profiles. However, this file is no longer included with new profiles as of Firefox 3.5, so it’s a bit more difficult to discover.



Subscribe to Samat Says RSS