New results against SHA-1
Nicholas Cole
nicholas.cole at gmail.com
Mon May 4 12:16:14 CEST 2009
On Mon, May 4, 2009 at 9:24 AM, Werner Koch <wk at gnupg.org> wrote:
> On Fri, 1 May 2009 05:58, atom at smasher.org said:
>
>> so... when is the open-pgp spec moving beyond SHA1 hashes to identify
>> public keys? what's next? will it have to be a bigger hash?
>
> OpenPGP does not claim that the fingerprint is a unique way to identify
> a key.
How does GPG cope if two keys on the keyring have the same FP? AFAICS
that would make things very difficult for most of the front-ends,
especially if they had been relying on the uniqueness (in practice) of
the FP to specify which key to operate on.
N.
More information about the Gnupg-users
mailing list