Short ID Collision
Robert J. Hansen
rjh at sixdemonbag.org
Wed Dec 28 13:45:14 CET 2011
On 12/28/11 6:13 AM, Jerry wrote:
> Did anyone read about this reported problem with GnuPG and short
> keys?
There is no problem. We've known for quite a long time that short key
ID collisions are possible: that's why you can't rely on a short key ID
as a fingerprint.
There's room for some healthy debate on whether GnuPG should be sending
full fingerprints to query for keys, but honestly, calling this a
"problem" is really overstating things. There's some behavior that some
users find less than optimal, but that's not the same as saying there's
a bug in GnuPG that can cause crashes, reveal your data, or anything
else like that.
More information about the Gnupg-users
mailing list