New results against SHA-1

Nicholas Cole nicholas.cole at
Tue May 5 00:33:35 CEST 2009

On Mon, May 4, 2009 at 10:01 PM, John W. Moore III
<jmoore3rd at> wrote:
> Nicholas Cole wrote:
>> How does GPG cope if two keys on the keyring have the same FP?  AFAICS
>> that would make things very difficult for most of the front-ends,
>> especially if they had been relying on the uniqueness (in practice) of
>> the FP to specify which key to operate on.
> Please show Me an example of this happening in the Real World.
> JOHN 8-)

Well, I'm just not that lucky! Or is that unlucky?  It is possible,
though, that someone, somewhere will be.  If the story reported
earlier in this thread is right, someone already has been.

Wouldn't a way around some of the (unlikely) problems be for gpg to
give each key on the keyring a guaranteed unique number (guaranteed,
for example, to be unique on that keyring), and allow users and
front-ends to specify a key by that number?  This might even be as
simple as a number generated by prepending the number of the key in
the standard --list-keys output to the fingerprint.
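
The numbering proposed above, sketched as an added example (not part of the original post and not GnuPG code): a hypothetical `Keyring` model with constructed fingerprints, in which lookup by fingerprint is ambiguous while position-prefixed identifiers are unique. It also shows that such an identifier is unique only for a given keyring state, because positions shift when a key is deleted.

```python
from dataclasses import dataclass

class AmbiguousKey(Exception):
    """More than one key on the keyring matches the selector."""

@dataclass(frozen=True)
class Key:
    fingerprint: str  # 40 hex digits, the form a SHA-1 fingerprint is shown in
    user_id: str

class Keyring:
    """Hypothetical keyring model; not GnuPG's data structures or API."""
    def __init__(self, keys):
        self.keys = list(keys)  # listing order, as in --list-keys output

    def by_fingerprint(self, fpr):
        hits = [k for k in self.keys if k.fingerprint == fpr.upper()]
        if not hits:
            raise KeyError(fpr)
        if len(hits) > 1:
            raise AmbiguousKey(f"{len(hits)} keys share fingerprint {fpr}")
        return hits[0]

    def local_ids(self):
        # Listing position (1-based) prepended to the fingerprint.
        return [f"{n}:{k.fingerprint}" for n, k in enumerate(self.keys, 1)]

    def by_local_id(self, local_id):
        pos, _, fpr = local_id.partition(":")
        if not pos.isdigit() or not 1 <= int(pos) <= len(self.keys):
            raise KeyError(local_id)
        key = self.keys[int(pos) - 1]
        if key.fingerprint != fpr.upper():
            raise KeyError(f"stale local id {local_id}")  # keyring changed
        return key

# Constructed sample data: two distinct keys given the same made-up fingerprint.
FPR_X = "0123456789ABCDEF0123456789ABCDEF01234567"
FPR_Y = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"
alice = Key(FPR_X, "Alice <alice@example.org>")
bob = Key(FPR_X, "Bob <bob@example.org>")
carol = Key(FPR_Y, "Carol <carol@example.org>")

def demo():
    ring = Keyring([alice, bob, carol])
    ids = ring.local_ids()
    picked = ring.by_local_id(ids[0])  # unambiguous: returns alice
    ring.keys.remove(alice)            # positions shift after a deletion
    return ids, picked, ring.by_local_id(ids[0])  # same ID now returns bob
```

A front-end that caches such identifiers would need to re-read them after any change to the keyring.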


