[PATCH] Disable importing V3 public keys from keyservers
David Leon Gil
coruus at gmail.com
Fri Oct 10 16:32:36 CEST 2014
On Fri, Oct 10, 2014 at 10:29 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> No, v3 fingerprints include the exponent as well:
>
> https://tools.ietf.org/html/rfc4880#section-12.2
Sorry, of course you're right. The exponent at the end actually makes
them much easier to forge (since it can be almost any number); you
don't need to perform any bignum muls if you use Steven's
chosen-prefix attack.
More information about the Gnupg-devel
mailing list