How difficult is it to break the OpenPGP 40 character long fingerprint?

Robert J. Hansen rjh at
Tue Apr 2 02:04:04 CEST 2013

On 4/1/2013 6:38 PM, Melvin Carvalho wrote:
> differential path attack. On 8 November 2010, he claimed he had a fully
> working near-collision attack against full SHA-1 working with an
> estimated complexity equivalent to 257.5 SHA-1 compressions. He
> estimates this attack can be extended to a full collision with a
> complexity around 2^61.

This is not a preimage attack, which is what one would need to forge a
certificate fingerprint.

More information about the Gnupg-users mailing list