[PATCH] Disable importing V3 public keys from keyservers
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Oct 10 16:36:12 CEST 2014
On 10/10/2014 10:32 AM, David Leon Gil wrote:
> On Fri, Oct 10, 2014 at 10:29 AM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
>> No, v3 fingerprints include the exponent as well:
>>
>> https://tools.ietf.org/html/rfc4880#section-12.2
>
> Sorry, of course you're right. The exponent at the end actually makes
> them much easier to forge (since it can be almost any number); you
> don't need to perform any bignum muls if you use Steven's
> chosen-prefix attack.
of course, if you do this, the keyids won't match (it'd be even worse
than it already is if the exponent was placed in front of the modulus --
then it'd be trivial to spoof both at once!)
but anyway, v3 keys need to die already.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141010/87ca6352/attachment.sig>
More information about the Gnupg-devel
mailing list