GnuPG race causes misordered uids?
David Shaw
dshaw at jabberwocky.com
Thu May 8 17:29:21 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, May 05, 2003 at 11:23:08PM -0400, David Shaw wrote:
> On Mon, May 05, 2003 at 08:40:46PM +0200, Marcus Brinkmann wrote:
>
> > I am not sure if the way the keyring is generated even leads to a
> > deterministic order of user IDs. But when I had the order as is in the
> > file, and just run the test (without rebuilding the keyring and everything),
> > I saw the buggy behaviour.
>
> Okay, I looked at this and what seems to be the problem is that some
> of the user IDs were generated in the same second. That foils the
> current user ID sorting algorithm.
>
> That may explain the problem you saw, but I think this isn't good
> behavior in general for GnuPG. If the "first uid is primary" behavior
> is going to be depended on by other programs, then we must guarantee
> that this is always true. It doesn't really matter what is used as
> the secondary sorting key, so long as it is reliable. I'm tempted to
> use the raw signature packet data - it's easily accessible, and is
> absurdly unlikely to collide.

Ok, I did this, and it seems to work ok. It's a corner case, but it's
nice to address those as well.

Still, this might not have been the problem you saw. Have you had any
luck reproducing it? I wrote a quick test and ran 40,000 cycles of
- --list-keys with no run giving the wrong answer.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+uJIY4mZch0nhy8kRAmQxAJwL7CcJoGT48KeofABsYTXwzoyTiACfQDWi
SO/sLz4EGgO/f/AnbPRMwTE=
=szHF
-----END PGP SIGNATURE-----
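
The tie-break discussed in the message above, as an added example that is not GnuPG's code and not part of the original post. The `struct uid` layout, the signature bytes, the timestamps and the newest-wins rule are constructed assumptions used only to show why a timestamp-only comparison depends on keyring order while a secondary key on the raw signature data does not.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a user ID and its self-signature (not GnuPG's structs). */
struct uid { const char *name; unsigned long sig_time; const unsigned char *sig; size_t sig_len; };
typedef int (*uid_cmp)(const struct uid *, const struct uid *);

/* Constructed sample bytes standing in for raw signature packet data. */
static const unsigned char SIG_A[] = {0x88, 0x46, 0x04, 0x13, 0x01};
static const unsigned char SIG_B[] = {0x88, 0x46, 0x04, 0x13, 0x02};
static const unsigned char SIG_C[] = {0x88, 0x46, 0x04, 0x10, 0x07};

/* The same three uids in two keyring orders; alice and bob were signed in the same second. */
static const struct uid ORDER1[] = {
    {"alice", 1000, SIG_A, sizeof SIG_A}, {"bob", 1000, SIG_B, sizeof SIG_B}, {"carol", 900, SIG_C, sizeof SIG_C}};
static const struct uid ORDER2[] = {
    {"bob", 1000, SIG_B, sizeof SIG_B}, {"alice", 1000, SIG_A, sizeof SIG_A}, {"carol", 900, SIG_C, sizeof SIG_C}};

/* Timestamp only: returns 0 (a tie) for two uids signed in the same second. */
static int cmp_time(const struct uid *a, const struct uid *b)
{
    return (a->sig_time > b->sig_time) - (a->sig_time < b->sig_time);
}

/* Timestamp first, then raw signature bytes, then length: a total order. */
static int cmp_time_then_sig(const struct uid *a, const struct uid *b)
{
    size_t n = a->sig_len < b->sig_len ? a->sig_len : b->sig_len;
    int c = cmp_time(a, b);
    if (c == 0) c = memcmp(a->sig, b->sig, n);
    if (c == 0) c = (a->sig_len > b->sig_len) - (a->sig_len < b->sig_len);
    return c;
}

/* Name of the uid that sorts first; on a tie the earlier list position wins. */
static const char *first_uid(const struct uid *list, size_t n, uid_cmp cmp)
{
    size_t best = 0, i;
    for (i = 1; i < n; i++)
        if (cmp(&list[i], &list[best]) > 0) best = i;
    return list[best].name;
}

/* 1 if both keyring orders yield the same first uid under this comparison. */
static int order_independent(uid_cmp cmp)
{
    return strcmp(first_uid(ORDER1, 3, cmp), first_uid(ORDER2, 3, cmp)) == 0;
}

int main(void) { printf("%d %d\n", order_independent(cmp_time), order_independent(cmp_time_then_sig)); return 0; }
```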