On 05/29/2012 11:35 AM, Werner Koch wrote:
> Use
>
>   gpg --keyid-format long --decrypt sensitive_file.gpg
>
> to see the non-abbreviated key ID as stored in the file. Use this to
> find the key on a server, etc.
I've seen a lot of these mistakes where people seem to think that 32-bit keyids are somehow collision-resistant. For example:

https://lists.ubuntu.com/archives/uds-announce/2012-May/000234.html

Perhaps GnuPG should change the default of --keyid-format from "short" to "long"?

Certainly, the 64-bit keyID itself is not as collision-resistant as the full fingerprint, but it does raise the bar for an attacker (and discourages users from just parroting the 32-bit keyid if they don't understand what they're looking at).

I think switching the default to "long" would be on balance a Good Thing.

What do other people think?

--dkg
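The point under discussion is that both the "short" and the "long" key ID are just the trailing bits of the v4 fingerprint, so the shorter form discards most of the identifying material. The following is an added example (not code from this thread or from GnuPG) that computes a v4 fingerprint per RFC 4880 section 12.2 and derives the 64-bit and 32-bit key IDs from it, then classifies how much of the fingerprint a user-supplied identifier actually pins down. The RSA modulus used is a small constructed dummy value, not a real key; the helper names are this example's own.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def build_v4_rsa_packet_body(created: int, n: int, e: int) -> bytes:
    """Public-key packet body: version 4, creation time, algo 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(pubkey_packet_body: bytes) -> str:
    """v4 fingerprint (RFC 4880 s.12.2): SHA-1 over 0x99, the 2-byte big-endian
    body length, and the body. Returned as 40 upper-case hex digits."""
    prefix = b"\x99" + struct.pack(">H", len(pubkey_packet_body))
    return hashlib.sha1(prefix + pubkey_packet_body).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """64-bit key ID: the low 8 bytes of the fingerprint (gpg --keyid-format long)."""
    return normalize(fingerprint)[-16:]


def short_key_id(fingerprint: str) -> str:
    """32-bit key ID: the low 4 bytes of the fingerprint (gpg --keyid-format short)."""
    return normalize(fingerprint)[-8:]


def normalize(identifier: str) -> str:
    """Strip spaces and an optional 0x prefix, upper-case the hex."""
    ident = identifier.replace(" ", "").upper()
    return ident[2:] if ident.startswith("0X") else ident


def identifier_strength(fingerprint: str, identifier: str) -> str:
    """Classify what a user-supplied identifier proves about a key with the given
    fingerprint: 'full' (160 bits), 'long' (64 bits), 'short' (32 bits) or 'mismatch'."""
    fp = normalize(fingerprint)
    ident = normalize(identifier)
    if len(ident) == 40 and ident == fp:
        return "full"
    if len(ident) == 16 and ident == fp[-16:]:
        return "long"
    if len(ident) == 8 and ident == fp[-8:]:
        return "short"
    return "mismatch"


# Constructed dummy key material (NOT a real key): a tiny "modulus" and e = 65537.
DUMMY_BODY = build_v4_rsa_packet_body(created=1338284100, n=0xC0FFEE1234567891, e=65537)
DUMMY_FPR = v4_fingerprint(DUMMY_BODY)


if __name__ == "__main__":
    print("fingerprint :", DUMMY_FPR)
    print("long key id :", long_key_id(DUMMY_FPR))
    print("short key id:", short_key_id(DUMMY_FPR))
    for ident in (DUMMY_FPR, long_key_id(DUMMY_FPR), short_key_id(DUMMY_FPR)):
        print(f"{ident:>40} -> {identifier_strength(DUMMY_FPR, ident)}")
```

The classifier is the part a verifier wants: when a key ID arrives from an announcement or a web page, treating anything other than a "full" match as unconfirmed avoids exactly the confusion the thread describes, since a 32-bit ID leaves 128 bits of the fingerprint unchecked.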
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
