howto secure older keys after the recent attacks
philcerf at googlemail.com
Thu Sep 10 23:43:00 CEST 2009
On Thu, Sep 10, 2009 at 6:22 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> The Key ID is a substring (either the last 8 or 16 hex chars) of the Key
> Fingerprint (which is 40 hex chars). The Key ID is used nowhere in the
> internals of the OpenPGP specification, from what i can tell.
I think I've messed up the terms fingerprint and key ID, sorry :-(
> The fingerprint itself is used only in the designated revocation key
> , which is an acknowledged weakness of the cryptosystem . It's
> not used anywhere else that i can tell.
Ok,.. I'm confused now.
David said,.. the community would probably have to create a new key
type or version at some point.
But this sounds more, that if I simply don't use designated revocation
keys,... I don't use SHA1 at all,.. and would be fine to simply swtich
to another algorithm.
More information about the Gnupg-users