On Fri 2016-06-03 15:25:36 -0400, Gunnar Wolf wrote: > GnuPG2 defaults to returning short key IDs when listing keys. Short > key IDs are quite vulnerable to collisions, and their use should be > strongly discouraged. > > I wrote the following with a progression of attacks; this is all > well-known for years. > > http://gwolf.org/node/4070 > > So, in short: Please add "keyid-format 0xlong" to > /usr/share/gnupg2/gpg-conf.skel
I've repeatedly suggested to upstream that we should change this default (in the software, not just in gpg-conf.skel), but it hasn't happened yet. see the changes i've posted here: https://lists.gnupg.org/pipermail/gnupg-devel/2016-January/030742.html If upstream decides to not do this, we've discussed having the debian packages diverge from upstream in some specific circumstances, and i think this might be one place to do it. I certainly have no objections to changing the default keyid-format in debian. However, I'm a little torn about what to change it to. the long keyID itself is only 64 bits, which means it's trivial to mount a collision attack, and that a pre-image is definitely in range of a moderately-well-funded attacker. So i'm inclined to think the actual Right Thing is either to use the full fingerprint (in cases where cryptographic integrity is desired) or to show nothing cryptographic at all, leaving only the non-cryptographic (and obviously forgeable) human-readable details. I've explored this thinking in a little more detail on my blog [0]. So i'd actually be happier with "keyid-format none" or "keyid format fingerprint" [1] than with "keyid-format long" but i agree that "long" or "0xlong" is still superior to the current situation. --dkg [0] https://www.debian-administration.org/users/dkg/weblog/105 [1] https://bugs.gnupg.org/gnupg/issue1445
signature.asc
Description: PGP signature

