TOFU
Peter Lebbing
peter at digitalbrains.com
Wed Jun 21 21:04:09 CEST 2017
On 21/06/17 20:49, Peter Lebbing wrote:
> which would still
> be marginally safe until computers are much faster, and certainly not a
> short ID which is utterly unsafe and has always been.
Which *might* still be marginally safe. I haven't done any actual
calculations, and I want to seriously dissuade anyone from verifying
keys by their long key ID. Don't do it, kids! 64 bits can be brute
forced, but perhaps it might still be quite some effort to get a working
key with a colliding long ID.
I really should not have written it the way I did in the previous mail,
it was very sloppy.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170621/c1b5b2e3/attachment-0001.sig>
More information about the Gnupg-users
mailing list