on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]

David Shaw dshaw at jabberwocky.com
Wed Feb 16 07:31:10 CET 2011

On Feb 15, 2011, at 11:44 PM, Robert J. Hansen wrote:

> On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote:
>> Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly
>> harder to spoof, but easily within reach of a well-funded organization.
> IIRC, Jon Callas says an accidental long-ID collision has occurred.  I
> don't recall the details.  Still, the point is that collisions don't
> just happen by deliberate attack.

One of the engineers working on PGP had generated a key and the keyserver had rejected it as non-unique.  Unfortunately, the engineer chucked the key and made a new one...



More information about the Gnupg-users mailing list