ideal.dll

vedaal at nym.hush.com vedaal at nym.hush.com
Fri Jun 22 16:21:35 CEST 2012


Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on
Thu Jun 21 22:38:31 CEST 2012 :

> v3 keys have a serious vulnerability in that their fingerprint
> mechanism is trivially gamable, so long keyid collisions are easy.

The 'serious vulnerability' you refer to is trivially countered by 
simply listing the keysize together with the fingerprint.

The 'long keyid collisions' (which consist of generating new keys 
over and over again until getting one whose fingerprint matches 
the target fingerprint) are only possible with today's resources 
by *not constraining the size of the key* 
(e.g. the 'fake key' might have 2791 bits, and so won't fool any 
of the remailer crowd that persists in using pgp 2.x).

If you have any evidence that such collisions are possible with the 
resultant keysize being the same as the target keysize, please 
post, thanks.


> You should retire your v3 key, as should anyone else with such a
> key. Please!

Have made 'minimal' headway in trying to convince remailer people 
to use gnupg and give up v3 keys.

Some remailers do use gnupg.

The main user arguments for holding onto pgp 2.x aren't some bizarre 
nostalgia (they are willing to use Disastry's version, which accepts 
all the hashes gnupg accepts (not just md5) and, except for Camellia, 
all the symmetric algorithms that gnupg accepts).
(I haven't used classic pgp2 since the first Disastry version came 
out.)

These are people who actually read each line of the source code of 
pgp2.x.

I've asked in the past whether there could be a 'minimalist' gnupg 
version (e.g., using only RSA, 3DES, SHA1 and SHA256, and maybe 
only the vintage necessary gnupg options) so that the source code is 
small enough that someone can read it from scratch in a reasonable 
amount of time (and not depend on 'just keeping up with the 
diffs').

It would still be compatible with current gnupg, which would, by 
default, honor the 3DES preferences in the 'minimalist' version.

(I wish I were fluent in C, and could write patches myself, 
cannibalize the early versions of gnupg, and come up with a draft 
of code that just needs to be audited, fixed, and vetted, instead 
of begging for features, but I'm not anywhere near ready :-(((  ,

so I understand the futility/arrogance of asking for so much work 
to be done, and for free, and am 'not pushing' it.)

In any event, I have other newer keys, and rarely use my v3 key 
except for people who insist on it.


vedaal
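Added example, not part of vedaal's message and not GnuPG or PGP code: a Python sketch of how the v3 and v4 fingerprints and key IDs discussed in this thread are derived, following RFC 4880 section 12.2 (v3: MD5 over the MPI bodies of n and e with the length octets left out, key ID = the low 64 bits of n; v4: SHA-1 over the whole public-key packet, MPI bit counts included) and the deprecation note in section 5.5.2. The key material is constructed here (a deterministic byte string, not a product of two primes; the derivation does not care), and the "<bits>R/<fingerprint>" listing format is only a presentation choice made for this example. It shows two "keys" of different sizes that share a v3 fingerprint, that listing the key size next to the fingerprint tells them apart, that the same octets split the other way give different v4 fingerprints, and how a v3 key ID is fixed by choosing the low 64 bits of the modulus.

```python
import hashlib
import struct


def mpi_body(x: int) -> bytes:
    """Body of an OpenPGP MPI: big-endian octets, no leading zero octet, no length prefix."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def mpi(x: int) -> bytes:
    """Complete OpenPGP MPI (RFC 4880 s3.2): two-octet bit count, then the body."""
    return struct.pack(">H", x.bit_length()) + mpi_body(x)


def v3_fingerprint(n: int, e: int) -> str:
    """RFC 4880 s12.2: MD5 over the bodies of n and e; the length octets are NOT hashed."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()


def v3_keyid(n: int) -> str:
    """RFC 4880 s12.2: the v3 key ID is simply the low 64 bits of the modulus."""
    return "%016X" % (n & 0xFFFFFFFFFFFFFFFF)


def v4_fingerprint(n: int, e: int, created: int = 0) -> str:
    """RFC 4880 s12.2: SHA-1 over 0x99, a two-octet packet length, and the v4 public-key
    packet body (version 4, creation time, algorithm 1 = RSA, MPIs *with* bit counts)."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return hashlib.sha1(bytes([0x99]) + struct.pack(">H", len(body)) + body).hexdigest().upper()


def v4_keyid(n: int, e: int, created: int = 0) -> str:
    """v4 key ID: the low 64 bits (last 16 hex digits) of the v4 fingerprint."""
    return v4_fingerprint(n, e, created)[-16:]


def split_material(material: bytes, n_octets: int):
    """Read (n, e) out of one octet string, treating the first n_octets as the modulus.
    Both halves must start with a nonzero octet so that their MPI bodies reproduce the
    input exactly; that is what makes the v3 hash blind to where the split is."""
    n = int.from_bytes(material[:n_octets], "big")
    e = int.from_bytes(material[n_octets:], "big")
    if mpi_body(n) + mpi_body(e) != material:
        raise ValueError("split would drop a leading zero octet")
    return n, e


def describe_v3(n: int, e: int) -> str:
    """Fingerprint listed together with the key size, e.g. '512R/<fpr>'. The '<bits>R/'
    prefix is a presentation choice for this example, not a defined OpenPGP format."""
    return "%dR/%s" % (n.bit_length(), v3_fingerprint(n, e))


def with_low64(n: int, keyid: int) -> int:
    """Replace the low 64 bits of n with keyid. Because the v3 key ID *is* those bits,
    a matching key ID needs no hash search, only a modulus ending in the target."""
    return (n >> 64 << 64) | (keyid & 0xFFFFFFFFFFFFFFFF)


# Constructed key material (not a real RSA key): 64 deterministic octets with every zero
# octet replaced by 0x01, so any split leaves both halves without a leading zero octet.
MATERIAL = bytes(b or 1 for b in hashlib.sha512(b"constructed v3 key material").digest())

KEY_A = split_material(MATERIAL, 61)  # 61-octet modulus, 3-octet exponent
KEY_B = split_material(MATERIAL, 59)  # 59-octet modulus, 5-octet exponent: 16 bits shorter


if __name__ == "__main__":
    for name, (n, e) in (("A", KEY_A), ("B", KEY_B)):
        print(name, describe_v3(n, e), "keyid", v3_keyid(n), "v4", v4_fingerprint(n, e))
    print("same v3 fingerprint:", v3_fingerprint(*KEY_A) == v3_fingerprint(*KEY_B))
    print("same v4 fingerprint:", v4_fingerprint(*KEY_A) == v4_fingerprint(*KEY_B))
    forged = with_low64(KEY_A[0], 0xDEADBEEFCAFEF00D)
    print("v3 keyid of modulus with chosen low 64 bits:", v3_keyid(forged))
```

Running it prints the two entries with identical v3 fingerprints but different key sizes, key IDs and v4 fingerprints; the v4 hash covers the MPI bit counts, so moving octets between n and e changes its input, which is what the v3 hash lacks.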




More information about the Gnupg-users mailing list