changing the default for --keyid-format [was: Re: getting an encrypted file to show what public key was used]

David Shaw dshaw at
Tue May 29 22:43:07 CEST 2012

On May 29, 2012, at 3:34 PM, Daniel Kahn Gillmor wrote:

> On 05/29/2012 02:18 PM, David Shaw wrote:
>> The reason I bring it up is that using the v3 key attack, 64-bit key IDs have no particular benefit over 32-bit IDs for intentional collisions (i.e. an attacker generating a key with the same key ID as the victim in order to confuse matters and/or steal traffic).  It's just as easy to forge 64 bits as it is to forge 32…
> Right, which is why gpg should default to not processing/accepting v3
> keys either, frankly.  The window for v3 being deprecated started long
> ago.  If we expect people to rely on gpg for any sort of key management,
> it ought to have reasonably safe and sane defaults.

While I don't think the world is ready for a change in default visibility from 32 to 64 bit key IDs, I am in favor of this by default.


More information about the Gnupg-users mailing list