validating other keys on your public keyring
Thu Oct 24 21:58:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 23 October 2002 22:52, Tuyen DINH wrote:
> * is it equivalent or less secure to personally check the person's
> keyid ?
Checking the 32-bit key ID is 100% insecure. I have a program that can fo=
any desired 32-bit key ID on a DSA key, in only a couple of days running =
an old 350 MHz Pentium-II. It took me just a few hours to write, includin=
the time it took to learn to use the OpenSSL library. The same technique=20
should work with El Gamal keys. Forging a 64-bit key ID would be far more=
difficult, but might be possible for someone willing to spend millions of=
dollars in the attempt (that seems unlikely to me, though). Forging the f=
160-bit fingerprint is pretty much impossible.
With old version 3 keys, the key ID is simply the lower bits of the RSA p=
modulus, so it's trivially easy to forge a key with someone else's 64-bit=
ID on it.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----