Key ID format: short or long?

Michael Kesper mkesper at
Wed Oct 22 14:46:41 CEST 2008


* Faramir < at> [2008-10-21 22:58:47 -0300]:
>    I had thought the long key ID, plus my email address, should be
> enough, since 8 characters hexadecimal numbers are unlikely to produce a
> collision, and even in case of a malicious attempt to replace my key, if
> 2 keys are found at the search, I would expect a contact to write and
> say "which one is the good one?" 

Well, keys cannot be identified by the 8 chars alone.
I've once been to a key-signing-party with about 150 people and guess
what: There were collisions with other existing keys if you only would have
looked at the last 8 chars of the fingerprint.

Best wishes
Free Software Foundation Europe (FSFE) []         (
Treten Sie der Fellowship bei!       [][][]       (
Ihre Spende ermöglicht unsere Arbeit!  ||  (
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: Digital signature
URL: </pipermail/attachments/20081022/5baad5c0/attachment.pgp>

More information about the Gnupg-users mailing list