struggling with potential keyid conflicts
vedaal at hush.com
vedaal at hush.com
Wed Jan 28 06:42:02 CET 2004
>Message: 9
>Date: Tue, 27 Jan 2004 22:05:41 -0500
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Re: struggling with potential keyid conflicts
[...]
>> the eight character key id may be easy to forge, but is the
>> fingerprint too?
>
>Yes. The v3 fingerprint algorithm is flawed, and allows someone
>to
>trivially duplicate someone elses fingerprint. The giveaway is
>that
>the forged key cannot have the same size as the real key.
Thanks,
so the defense then against a fingerprint forgery is even more trivial:
a v3 user just lists his/her key size as well as the fingerprint and
keyid
(not yet a reason to drop v3's ;-) )
(the reason to maintain it, is the convenience of a
'one key fits all implementations'
as well as the accumulated trust and recognition over time)
vedaal
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
More information about the Gnupg-users
mailing list