struggling with potential keyid conflicts
vedaal at hush.com
vedaal at hush.com
Tue Jan 27 16:05:31 CET 2004
>Message: 2
>Date: Tue, 27 Jan 2004 10:22:05 -0500
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Re: struggling with potential keyid conflicts
>To: gnupg-users at gnupg.org
[...]
>The old PGP 2.x
>(v3)
>keys have trivially forgeable keyids and fingerprints. There is
>no
>way to really secure against that, as it is inherent in the key
>format. Don't use them.
the eight character key id may be easy to forge,
but is the fingerprint too?
{afaik} none of the spoofs have involved a fingerprint,
but maybe there are some i haven't seen
does anyone know of a specific fingerprint spoof?
tia,
vedaal
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
More information about the Gnupg-users
mailing list