SHA1 broken?

Werner Koch wk at
Thu Feb 17 08:16:56 CET 2005

On Wed, 16 Feb 2005 15:05:07 -0500, Jason Harris said:

> The key creation time can be varied at will, and, I presume, v4 RSA

That's true.  However as long as we don't know how to calculate such a
block (and I just guessed that it is similar to the MD5 attack - which
is not necessary true) we don't know whether 4 bytes at a fixed offset
are sufficient.

> key material can be too, a la v3 "vanity" keyids.  But, is duplicating

No, they are not vulnerable like v3 keyids.

> While two v4 keys with the same fingerprint could "steal" userid
> certifications made by others, any signatures produced by the
> colliding keys, including selfsigs on their userids, can _not_

They world harm the WoT or any other method of checking the identity
of a key because you usually compare the fingerprints out of band.



More information about the Gnupg-users mailing list