ideal.dll

David Shaw dshaw at jabberwocky.com
Fri Jun 22 17:23:11 CEST 2012


On Jun 22, 2012, at 10:21 AM, vedaal at nym.hush.com wrote:

> Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on
> Thu Jun 21 22:38:31 CEST 2012 :
> 
>> v3 keys have a serious
> vulnerability in that their fingerprint mechanism is trivially 
> gamable,
> so long keyid collisions are easy.
> 
> The 'serious vulnerability' you refer to, is trivially countered by 
> simply listing the keysize together with the fingerprint.

There is more than one attack against V3.  There is the "bit sliding" attack, where you can forge the whole fingerprint, but as a side effect it changes the keysize, and there is the DEADBEEF attack where you can forge the key ID, but not the fingerprint.  I believe Daniel is referring to DEADBEEF here.

Using DEADBEEF, I can make a V3 key with a 64-bit key ID without affecting the keysize.  It's an old attack, but is receiving more interest recently for some reason.

> If you have any evidence that such collisions are possible with the 
> resultant keysize being the same as the target keysize, please 
> post, thanks.

I just sent you a private mail containing a key with your key ID ;)

David




More information about the Gnupg-users mailing list