On Mon, Dec 30, 2013 at 06:45:48PM +0100, Florian Weimer wrote:
> * Kurt Roeckx:
>
> > On Sun, Dec 15, 2013 at 03:15:03AM +0000, adrelanos wrote:
> >> > When you implement this, please ensure it isn't vulnerable to any
> >> > duplicate-keyid problems:
> >> >
> >> > http://debian-administration.org/users/dkg/weblog/105
> >>
> >> Damn, I wasn't aware of the latest news that long key ids are now also
> >> insecure. Thank you for educating me.
> >
> > I think this really shouldn't surprise someone, and I think
> > we've really been saying this for like 10 years. Please note
> > that the "long key" is the last 64 bit of the fingerprint,
> > not the whole 160 bit of the SHA-1.
>
> It's even worse. For v3 keys, the long key ID consists of the lowest
> 64 bits of the modulus. If the long key ID happens to be odd, you
> just have to generate a prime which is congruent 1 modulo 2**64, and
> another prime that is congruent the desired long key ID, which is not
> that much work (it's about as expensive as regular key generation).
> For even key IDs, this wouldn't work if GnuPG has additional checks,
> but I doubt it.

And I think this is why we got rid of v3 keys.

Kurt
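
The key-ID derivations discussed in this thread, with a keyring lookup that treats a key ID only as a hint and decides trust on the full fingerprint. This is an added example, not part of the original messages; the `Keyring` class, the function names and the `N_A`/`N_B` integers are constructed for illustration, and the derivations follow RFC 4880 section 12.2.

```python
import hashlib
import struct

def mpi_body(x):  # MPI magnitude, without its two-octet bit count
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def v3_ids(n, e=65537):
    """v3 key: fingerprint = MD5(n || e); long key ID = low 64 bits of modulus n."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest(), format(n & (2**64 - 1), "016x")

def v4_ids(created, n, e=65537):
    """v4 RSA key: fingerprint = SHA-1(0x99 || len || packet body); key ID = its last 64 bits."""
    mpis = b"".join(struct.pack(">H", x.bit_length()) + mpi_body(x) for x in (n, e))
    body = struct.pack(">BIB", 4, created, 1) + mpis  # version, creation time, algo 1 (RSA)
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
    return fpr, fpr[-16:]

class Keyring:
    def __init__(self):
        self.keyid_of = {}  # full fingerprint -> long key ID

    def add(self, ids):
        self.keyid_of[ids[0]] = ids[1]
        return ids[0]

    def find(self, keyid):
        """A key ID is a lookup hint only: refuse to choose when it is not unique."""
        hits = sorted(f for f, k in self.keyid_of.items() if k == keyid)
        if len(hits) > 1:
            raise LookupError(f"{len(hits)} keys share key ID {keyid}")
        return hits[0] if hits else None

    def is_trusted(self, fpr, pinned_fprs):
        """Trust decisions compare the whole fingerprint, never the key ID."""
        return fpr in self.keyid_of and fpr in pinned_fprs

# Constructed integers (not real RSA moduli) that agree only in their low 64 bits.
N_A = (0xC0FFEE << 64) | 0x1122334455667789
N_B = (0xDEC0DE << 64) | 0x1122334455667789

def demo():
    ring = Keyring()
    fpr_a, fpr_b = ring.add(v3_ids(N_A)), ring.add(v3_ids(N_B))
    try:
        ring.find("1122334455667789")
        refused = False
    except LookupError:
        refused = True
    return fpr_a != fpr_b, refused, ring.is_trusted(fpr_b, {fpr_a})
```
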

