OpenPGP headers

Werner Koch wk at gnupg.org
Tue Aug 10 19:34:58 CEST 2004


On Tue, 10 Aug 2004 17:28:54 +0200, Simon Josefsson said:

> Thanks.  If you know the algorithm and key size, is the attack much
> harder, or just slightly harder?  If it is much harder, I think that

Common wisdom from pgp2 times is to also compare the creation date of
the key - something we don't have anymore with v4 (i.e. OpenPGP keys)

With v4 keys comparing the fingerprint is sufficient.

Anyway, the keyID mail header is nothing more than a hint and easy to
fake.  Thus any additional information is simply misleading.

  Werner




More information about the Gnupg-devel mailing list