on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]
David Shaw
dshaw at jabberwocky.com
Wed Feb 16 07:31:10 CET 2011
On Feb 15, 2011, at 11:44 PM, Robert J. Hansen wrote:
> On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote:
>> Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly
>> harder to spoof, but easily within reach of a well-funded organization.
>
> IIRC, Jon Callas says an accidental long-ID collision has occurred. I
> don't recall the details. Still, the point is that collisions don't
> just happen by deliberate attack.
One of the engineers working on PGP had generated a key and the keyserver had rejected it as non-unique. Unfortunately, the engineer chucked the key and made a new one...
http://www.mailinglistarchive.com/html/ietf-openpgp@imc.org/2011-01/msg00027.html
David
More information about the Gnupg-users
mailing list