Collision attack against long Key Ids

[John Z.]

If its an OK, albeit simplistic question to ask - is there a reason
for this?

I don't track HN (the discussions style doesn't match my preference), but
I am very well aware of consistent and persistent campaign against GPG,
and its precisely that activism style that doesn't sit well with me.

While I'm not keen to trust HN users from the get go, I've read articles
by Ptacek and Moxie and what brings up alarm flags for me is precisely
that style; I'd expect more clinical, paper-supported proofs from
engineers with such high profiles, not "This is horrible don't use it."

Oh and for context, I completely admit, without shame, that I have very
little clue about the actual domain. Sure, I know what various primitives
do and best practices (and have ran through some Matasano challenges),
but as soon as we get into details of specific threat models, my head
starts to spin.


-- 
John Z.
"All my thoughts are burning,
 and I like how warm the fire can be..."


On Sat, Mar 14, 2026 at 11:47:50AM -0400, Robert J. Hansen via Gnupg-users wrote:
> > I have the feeling that attacks against PGP/GNUPG are being launched
> > based on alleged weaknesses that are later proven not to exist. I see
> > people recommending against using it based on these assumptions.
> 
> I've been involved in the PGP community since 1991. You are absolutely
> correct in what you're describing, but it's been this way for at least
> thirty-five years. It will likely always be this way.
> 




> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users