New results against SHA-1

Nicholas Cole nicholas.cole at
Mon May 4 12:16:14 CEST 2009

On Mon, May 4, 2009 at 9:24 AM, Werner Koch <wk at> wrote:
> On Fri,  1 May 2009 05:58, atom at said:
>> so... when is the open-pgp spec moving beyond SHA1 hashes to identify
>> public keys? what's next? will it have to be a bigger hash?
> OpenPGP does not claim that the fingerprint is a unique way to identify
> a key.

How does GPG cope if two keys on the keyring have the same FP?  AFAICS
that would make things very difficult for most of the front-ends,
especially if they had been relying on the uniqueness (in practice) of
the FP to specify which key to operate on.


More information about the Gnupg-users mailing list