AW: Why do Key Fingerprints include Creation Timestamp?

Fiedler Roman Roman.Fiedler at ait.ac.at
Wed Jan 31 10:37:54 CET 2018


> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On behalf of
>
> On Tue 2018-01-30 21:35:57 -0500, FuzzyDrawrings via Gnupg-users wrote:
> > Wouldn't it make more sense to hash only the public-key's MPI
> > value(s)? That way if an implementation's code fails to generate a
> > unique key-pair, it will be known because the fingerprint will be the
> > same as some other key.
> >
> > But as it is, with the Fingerprint hash including the timestamp, any
> > "colliding" keys will have different fingerprints and so will go
> > undetected.
> >
> > Is there a good reason for it to be this way?
>
> This is a great question, and one that i've struggled with over time.  I
> currently think that including the creation time in the fingerprint is a
> *good* thing, but i have felt otherwise in the past.

Including it provides a fast way to generate keys without changing the 
cryptographic material (slow), and thus speeds up creating keys with a given 
32-bit key ID; a 64-bit key ID might also be possible. This makes it easier to 
provoke human errors (fingerprints whose first/last 16 bits match another key, 
identical key IDs) ...