struggling with potential keyid conflicts

vedaal at vedaal at
Wed Jan 28 06:42:02 CET 2004

>Message: 9
>Date: Tue, 27 Jan 2004 22:05:41 -0500
>From: David Shaw <dshaw at>
>Subject: Re: struggling with potential keyid conflicts


>> the eight character key id may be easy to forge, but is the
>> fingerprint too?
>Yes.  The v3 fingerprint algorithm is flawed, and allows someone
>trivially duplicate someone elses fingerprint.  The giveaway is
>the forged key cannot have the same size as the real key.


so the defense then against a fingerprint forgery is even more trivial:

a v3 user just lists his/her key size as well as the fingerprint and

(not yet a reason to drop v3's  ;-) )
(the reason to maintain it, is the convenience of a 
'one key fits all implementations'
as well as the accumulated trust and recognition over time)


Concerned about your privacy? Follow this link to get
FREE encrypted email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

More information about the Gnupg-users mailing list