On Tue, Nov 29, 2005 at 06:00:32AM -0500, Atom Smasher wrote:
> On Mon, 28 Nov 2005, David Shaw wrote:
>
> >On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote:
> >>Ah,.. thanks :-)
> >>So it should be completely enough to verify Name/eMail and the
> >>Fingerprint when signing another key,... and I don't have to compare
> >>creation date/keysize/algorithm/etc., right?
> >
> >Not unless you're signing a PGP 2.x (v3) key.
> ==================
>
> how feasible would it be for an attacker to create a small (512 bit?) v4
> key with the same key id as a target key (irrelevant of the size and
> algorithm of the target key)?

It's pretty easy to create a short (eg, 99242560) key ID collision -
just generate keys over and over on a reasonably fast desktop machine
until you collide. It's not yet realistic to create a long key ID
collision (eg, DB698D7199242560) intentionally, though it does happen
every now and then by accident.

It's currently completely out of the question to intentionally create
a colliding v4 fingerprint. To do so would imply a total break of
SHA-1, in which case we have other problems. Note that even MD5 isn't
broken to that extent.

> it may not be practical today to do this with a fingerprint collision, but
> i subscribe to the theory that it doesn't hurt to check the size and
> algorithm of keys before signing them.

It doesn't hurt, but it doesn't help either. Actually, it's not true
that it doesn't hurt - it does hurt a little if people start to believe
that this actually protects them in a meaningful way. It's important
to be honest with yourself.

David
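
Added example, not part of the original message and not GnuPG's own code: Python code that computes a v4 fingerprint as RFC 4880 section 12.2 defines it and derives the long and short key IDs as truncations of it, showing why a full fingerprint match already covers creation date, key size and algorithm. The key values and helper names are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_body(created: int, n: int, e: int, algo: int = 1) -> bytes:
    """v4 public-key packet body: version 4, creation time, algorithm, key MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def normalize(fpr: str) -> str:
    """Strip the spaces used in printed fingerprints and upper-case the hex."""
    return "".join(fpr.split()).upper()

def long_key_id(fpr: str) -> str:
    return normalize(fpr)[-16:]   # low-order 64 bits of the fingerprint

def short_key_id(fpr: str) -> str:
    return normalize(fpr)[-8:]    # low-order 32 bits of the fingerprint

def same_key(fpr_a: str, fpr_b: str) -> bool:
    """Match on the full 160-bit fingerprint, never on a key ID."""
    a, b = normalize(fpr_a), normalize(fpr_b)
    return len(a) == 40 and a == b

# Constructed stand-in values; N is not a usable RSA modulus.
CREATED = 1133262032
N = (1 << 1023) | 1
E = 65537
BASE = v4_fingerprint(v4_rsa_body(CREATED, N, E))

if __name__ == "__main__":
    print("fingerprint :", BASE)
    print("long key ID :", long_key_id(BASE))
    print("short key ID:", short_key_id(BASE))
    # Each variant differs from the base key in exactly one hashed field.
    variants = {"creation date": v4_rsa_body(CREATED + 1, N, E),
                "key size": v4_rsa_body(CREATED, (1 << 511) | 1, E),
                "algorithm": v4_rsa_body(CREATED, N, E, algo=3)}
    for field, body in variants.items():
        print(f"changed {field:13} -> same key? {same_key(BASE, v4_fingerprint(body))}")
```

Because `same_key` rejects anything shorter than 40 hex digits, a short or long key ID passed in by mistake never counts as a match.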