Robert J. Hansen rjh at
Thu Jun 21 23:06:33 CEST 2012

On 06/21/2012 04:38 PM, Daniel Kahn Gillmor wrote:
> unfortunately, this is indeed the case.  v3 keys have a serious
> vulnerability in that their fingerprint mechanism is trivially gamable,
> so long keyid collisions are easy.

It's quite a bit worse than that, really.  If I understand things
correctly, the news media and antivirus companies are reporting that the
Flame malware used an MD5 collision to get their malware to report that
it had been signed by Microsoft.  If true, that's a clear sign that
MD5-based signatures of all sorts are now suspect.

I wish I could say that this puts the final nail in PGP 2.6's coffin,
but the reality is there's a huge installed userbase that won't change
for love or money.  All we can do is encourage people to not join them.

More information about the Gnupg-users mailing list