[PATCH] Disable importing V3 public keys from keyservers

David Leon Gil coruus at gmail.com
Fri Oct 10 16:32:36 CEST 2014


On Fri, Oct 10, 2014 at 10:29 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> No, v3 fingerprints include the exponent as well:
>
>  https://tools.ietf.org/html/rfc4880#section-12.2

Sorry, of course you're right. The exponent at the end actually makes
them much easier to forge (since it can be almost any number); you
don't need to perform any bignum muls if you use Steven's
chosen-prefix attack.



More information about the Gnupg-devel mailing list