struggling with potential keyid conflicts

vedaal at vedaal at
Tue Jan 27 16:05:31 CET 2004

>Message: 2
>Date: Tue, 27 Jan 2004 10:22:05 -0500
>From: David Shaw <dshaw at>
>Subject: Re: struggling with potential keyid conflicts
>To: gnupg-users at


>The old PGP 2.x
>keys have trivially forgeable keyids and fingerprints.  There is
>way to really secure against that, as it is inherent in the key
>format.  Don't use them.

the eight character key id may be easy to forge,
but is the fingerprint too?

{afaik} none of the spoofs have involved a fingerprint,
but maybe there are some i haven't seen

does anyone know of a specific fingerprint spoof?



Concerned about your privacy? Follow this link to get
FREE encrypted email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

More information about the Gnupg-users mailing list