Hi, * Faramir <[EMAIL PROTECTED]> [2008-10-21 22:58:47 -0300]: > I had thought the long key ID, plus my email address, should be > enough, since 8 characters hexadecimal numbers are unlikely to produce a > collision, and even in case of a malicious attempt to replace my key, if > 2 keys are found at the search, I would expect a contact to write and > say "which one is the good one?"
Well, keys cannot be identified by the 8 chars alone. I've once been to a key-signing-party with about 150 people and guess what: There were collisions with other existing keys if you only would have looked at the last 8 chars of the fingerprint. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Treten Sie der Fellowship bei! [][][] (http://fsfe.org/join) Ihre Spende ermöglicht unsere Arbeit! || (http://fsfeurope.org/donate)
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
