on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Feb 16 05:35:58 CET 2011

On 02/15/2011 09:22 PM, Lists.gnupg at mephisto.fastmail.net wrote:
> If you have your public key published somewhere, such as on a key
> server, the Key ID is a way for other people to unambiguously look up
> the full key.

You're quite correct that the key ID provides a handle that references
the actual public key, and is not the public key itself.

However, the key ID is not guaranteed to be unique.  In fact, short key
IDs (of the form 0xDEADBEEF) are trivial to find collisions for -- there
just aren't enough of them, so the search space is small enough to
exhaust with very commonplace hardware.

Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly
harder to spoof, but easily within reach of a well-funded organization.

the full fingerprint itself (mine is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9) is much closer to what you
describe as an "unambiguous lookup".  While the spec counsels that it is
also possible for two keys to share a fingerprint, the chances of that
happening are believed to be dramatically closer to 0 than the other
shorter forms:


Note also that long-form keyID is just the last 16 hex digits of the
fingerprint, and the short-form keyID is just the last 8 hex digits.  So
if you know the fingerprint, you know the other identifiers.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110215/f1b89c5b/attachment.pgp>

More information about the Gnupg-users mailing list