It's 2014. Are we there yet?
One Jsim
one.jsim at gmail.com
Sat Apr 19 17:00:15 CEST 2014
Any (easy) way to find out the version of a given key?
2014-04-19 15:46 GMT+01:00 Nicholas Cole <nicholas.cole at gmail.com>:
> On Sat, Apr 19, 2014 at 3:35 PM, One Jsim <one.jsim at gmail.com> wrote:
> >
> > from:
> >
> >
> >
> http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery
> >
> >
> > at 2014-04-19T14:49+1
> >
> >
> > I retrieve
> >
> >
> > "Yes, it is possible to create a public key with the same fingerprint as
> an
> > existing one, thanks to a design misfeature in PGP 2.x when signing RSA
> > keys. The fake key will not be of the same length, so it should be easy
> to
> > detect. Usually such keys have odd key lengths"
> >
> >
> > How percentage of PGP (or GPG?) users, do you think, know that checking
> > fingerprint only is not an assurance against fake signatures? Did you
> know?
>
>
> I *thought* [citation?] that this problem was fixed with version 4 keys.
>
> N.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140419/a3741984/attachment.html>
More information about the Gnupg-users
mailing list