Key ID format: short or long?
mkesper at fsfe.org
Wed Oct 22 14:46:41 CEST 2008
* Faramir <faramir.cl at gmail.com> [2008-10-21 22:58:47 -0300]:
> I had thought the long key ID, plus my email address, should be
> enough, since 8 characters hexadecimal numbers are unlikely to produce a
> collision, and even in case of a malicious attempt to replace my key, if
> 2 keys are found at the search, I would expect a contact to write and
> say "which one is the good one?"
Well, keys cannot be identified by the 8 chars alone.
I've once been to a key-signing-party with about 150 people and guess
what: There were collisions with other existing keys if you only would have
looked at the last 8 chars of the fingerprint.
Free Software Foundation Europe (FSFE)  (http://fsfeurope.org)
Treten Sie der Fellowship bei!  (http://fsfe.org/join)
Ihre Spende ermöglicht unsere Arbeit! || (http://fsfeurope.org/donate)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 315 bytes
Desc: Digital signature
More information about the Gnupg-users