[1.4.0] hidden recipient vs. ID 00000000
David Shaw
dshaw at jabberwocky.com
Sun Jan 30 00:18:19 CET 2005
On Sat, Jan 29, 2005 at 11:08:36PM +0100, Florian Weimer wrote:
> * David Shaw:
>
> >> All-0 is not a valid V3 key ID because its LSB is not set. All-1 is
> >> theoretically valid, but rather unlikely (it imposes rather strict
> >> requirements on the lower bits in both prime factors).
> >
> > True, but it doesn't matter in this case since all-0 and all-1 are
> > both valid in the context of the key ID in a session key packet since
> > v4 keys can be all-0 or all-1.
>
> But this is extremely unlikely.

Indeed. 1 in 2^64 chance for either.

> Currently, it's not computationally feasible to create such V4 keys.

Not computationally feasible to create such a collision, but I'm
talking about a natural collision: the all-0 or all-1 key ID has the
same chance as any other key ID in v4. Which is to say very, very
unlikely but not zero.

> IMHO, RFC 2440bis should even outlaw generation of keys with such
> key IDs.

I understand the desire to outlaw all-0 keys, but why would you outlaw
all-1 keys? (or did you just mean all-0?)

David
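
The two key ID derivations the thread contrasts, as an added example that is not part of the original message or of GnuPG's code: a V3 key ID is the low 64 bits of the RSA modulus (always odd, so never all-0), while a V4 key ID is the low 64 bits of a SHA-1 fingerprint (any value possible). The function names and the toy Mersenne-prime modulus are constructed for illustration.

```python
import hashlib

MASK64 = (1 << 64) - 1

# Constructed toy values (far too small for a real key): two Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537


def mpi(n: int) -> bytes:
    """OpenPGP MPI encoding: 2-byte big-endian bit count, then the magnitude."""
    bits = n.bit_length()
    return bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")


def v3_key_id(n: int) -> int:
    """V3 key ID: low 64 bits of the RSA modulus. n = p*q is odd, so bit 0 is set."""
    return n & MASK64


def v4_key_id(created: int, n: int, e: int) -> int:
    """V4 key ID: low 64 bits of SHA-1 over 0x99, 2-byte length, key packet body."""
    body = bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)
    digest = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()
    return int.from_bytes(digest[-8:], "big")


def q_low_bits_for_all_ones(p: int) -> int:
    """Low 64 bits q must have so that p*q ends in 64 one-bits (V3 all-1 ID).

    p*q = -1 (mod 2^64) fixes q's low 64 bits completely once p is chosen,
    which is the constraint on both prime factors mentioned in the thread.
    """
    return (-pow(p, -1, 1 << 64)) & MASK64


if __name__ == "__main__":
    print(f"V3 key ID: {v3_key_id(N):016X}")
    print(f"V4 key ID: {v4_key_id(0, N, E):016X}")
    print(f"q low bits needed for all-1 V3 ID: {q_low_bits_for_all_ones(P):016X}")
```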