validating other keys on your public keyring

Bob Mathews bobmath@earthlink.net
Thu Oct 24 21:58:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 23 October 2002 22:52, Tuyen DINH wrote:
>  * is it equivalent or less secure to personally check the person's
>    keyid ?

Checking the 32-bit key ID is 100% insecure. I have a program that can forge
any desired 32-bit key ID on a DSA key, in only a couple of days running on
an old 350 MHz Pentium-II. It took me just a few hours to write, including
the time it took to learn to use the OpenSSL library. The same technique
should work with El Gamal keys. Forging a 64-bit key ID would be far more
difficult, but might be possible for someone willing to spend millions of
dollars in the attempt (that seems unlikely to me, though). Forging the full
160-bit fingerprint is pretty much impossible.

With old version 3 keys, the key ID is simply the lower bits of the RSA public
modulus, so it's trivially easy to forge a key with someone else's 64-bit key
ID on it.

 -bob mathews

-----BEGIN PGP SIGNATURE-----

iD8DBQE9uFFtPgDecCrBEpcRAqMFAKCpbhqHyOaJq5UlSFgiRUyEwnAmPwCfTbf9
O/f/nIasNQr+pxbQBSwHmSQ=
=iYi9
-----END PGP SIGNATURE-----
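
Added example, not part of the original post and not the author's program: a Python sketch of how the identifiers discussed above are derived under RFC 4880, and a check that accepts a key only on its full 160-bit fingerprint. The function names and the sample key material are constructed for illustration.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm 1), RFC 4880 5.5.2."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """160-bit fingerprint: SHA-1 over 0x99, 2-byte body length, body (RFC 4880 12.2)."""
    if body[:1] != b"\x04":
        raise ValueError("not a version 4 public-key packet body")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_ids(fingerprint: bytes) -> tuple[bytes, bytes]:
    """(64-bit key ID, 32-bit key ID): only the trailing bytes of the fingerprint."""
    return fingerprint[-8:], fingerprint[-4:]

def v3_key_id(rsa_modulus: int) -> bytes:
    """Version 3 key ID: the low 64 bits of the RSA modulus, with no hash involved."""
    return (rsa_modulus & (2**64 - 1)).to_bytes(8, "big")

def matches_fingerprint(expected_hex: str, body: bytes) -> bool:
    """Accept a key only on its full fingerprint; refuse to compare anything shorter."""
    expected = bytes.fromhex("".join(expected_hex.split()))
    if len(expected) != 20:
        raise ValueError("need the full 160-bit fingerprint, not a key ID")
    return hmac.compare_digest(expected, v4_fingerprint(body))

# Constructed sample values: a 1024-bit number standing in for a modulus, not a real key.
SAMPLE_N = int("d1" + "00" * 119 + "0123456789abcdef", 16)
SAMPLE_BODY = v4_rsa_key_body(1035496682, SAMPLE_N, 65537)

if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_BODY)
    long_id, short_id = v4_key_ids(fpr)
    print("fingerprint (160 bits):", fpr.hex().upper())
    print("64-bit key ID         :", long_id.hex().upper())
    print("32-bit key ID         :", short_id.hex().upper())
    print("v3-style key ID       :", v3_key_id(SAMPLE_N).hex().upper())
    print("full match            :", matches_fingerprint(fpr.hex(), SAMPLE_BODY))
```

The 32-bit and 64-bit IDs carry no information beyond the last 4 or 8 bytes of the fingerprint, so a check that stops there compares only that many bits of the hash.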