Key ID format: short or long?

Michael Kesper mkesper at fsfe.org
Wed Oct 22 14:46:41 CEST 2008


Hi,

* Faramir <faramir.cl at gmail.com> [2008-10-21 22:58:47 -0300]:
 
>    I had thought the long key ID, plus my email address, should be
> enough, since 8 characters hexadecimal numbers are unlikely to produce a
> collision, and even in case of a malicious attempt to replace my key, if
> 2 keys are found at the search, I would expect a contact to write and
> say "which one is the good one?" 

Well, keys cannot be identified by the 8 chars alone.
I've once been to a key-signing-party with about 150 people and guess
what: There were collisions with other existing keys if you only would have
looked at the last 8 chars of the fingerprint.

Best wishes
Michael
-- 
Free Software Foundation Europe (FSFE) []         (http://fsfeurope.org)
Treten Sie der Fellowship bei!       [][][]       (http://fsfe.org/join)
Ihre Spende ermöglicht unsere Arbeit!  ||  (http://fsfeurope.org/donate)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: Digital signature
URL: </pipermail/attachments/20081022/5baad5c0/attachment.pgp>


More information about the Gnupg-users mailing list