> > A complicating factor is that PGP signature packets include a 64-bit > key ID which is a hash of the public key. However, that just requires > the attacker to randomize the attack and try around 2^64 calculations > until he finds a matching key ID, which might be feasible for a > state-level attacker. > > We've noted that a new feature of GPG 2.1.15 is that signatures are computed over full 20-byte SHA1 key fingerprints [1], in addition to 64-bit key IDs.
[1] http://gnupg-devel.gnupg.narkive.com/Z0EFUBU7/issuer-fingerprint-was-vanity-keys
_______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
