[PATCH] Disable importing V3 public keys from keyservers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 10 16:36:12 CEST 2014


On 10/10/2014 10:32 AM, David Leon Gil wrote:
> On Fri, Oct 10, 2014 at 10:29 AM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
>> No, v3 fingerprints include the exponent as well:
>>
>>  https://tools.ietf.org/html/rfc4880#section-12.2
> 
> Sorry, of course you're right. The exponent at the end actually makes
> them much easier to forge (since it can be almost any number); you
> don't need to perform any bignum muls if you use Steven's
> chosen-prefix attack.

of course, if you do this, the keyids won't match (it'd be even worse
than it already is if the exponent was placed in front of the modulus --
then it'd be trivial to spoof both at once!)

but anyway, v3 keys need to die already.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141010/87ca6352/attachment.sig>


More information about the Gnupg-devel mailing list