On Jun 22, 2012, at 10:21 AM, ved...@nym.hush.com wrote:

> Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on
> Thu Jun 21 22:38:31 CEST 2012 :
> 
>> v3 keys have a serious vulnerability in that their fingerprint
>> mechanism is trivially gamable, so long keyid collisions are easy.
> 
> The 'serious vulnerability' you refer to, is trivially countered by 
> simply listing the keysize together with the fingerprint.

There is more than one attack against V3.  There is the "bit sliding" attack, 
where you can forge the whole fingerprint, but as a side effect it changes the 
keysize, and there is the DEADBEEF attack where you can forge the key ID, but 
not the fingerprint.  I believe Daniel is referring to DEADBEEF here.

Using DEADBEEF, I can make a V3 key with a 64-bit key ID without affecting the 
keysize.  It's an old attack, but is receiving more interest recently for some 
reason.

> If you have any evidence that such collisions are possible with the 
> resultant keysize being the same as the target keysize, please 
> post, thanks.

I just sent you a private mail containing a key with your key ID ;)

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
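
The two cases distinguished in the message above (same key ID with a different fingerprint, and same fingerprint with a different keysize), as an added keyring check that is not part of the original mail. It assumes the V3 definitions in RFC 4880 section 12.2 (key ID is the low 64 bits of the RSA modulus; fingerprint is MD5 over the modulus and exponent bytes without their length prefixes); the function names and the sample integers are constructed for illustration and are not usable keys.

```python
import hashlib
from collections import defaultdict

MASK64 = (1 << 64) - 1

def mpi_body(x):
    """Big-endian bytes of x without leading zeros (an MPI minus its length prefix)."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def v3_key_id(n):
    # RFC 4880 section 12.2: low 64 bits of the RSA public modulus.
    return f"{n & MASK64:016X}"

def v3_fingerprint(n, e):
    # RFC 4880 section 12.2: MD5 over the MPI bodies of n then e, lengths excluded.
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()

def audit(keys):
    """keys maps label -> (n, e). Report identifiers shared by different keys."""
    by_id, by_fpr = defaultdict(list), defaultdict(list)
    for label, (n, e) in keys.items():
        by_id[v3_key_id(n)].append(label)
        by_fpr[v3_fingerprint(n, e)].append(label)
    findings = []
    for kid, names in by_id.items():
        if len({keys[name] for name in names}) > 1:
            findings.append(("same-keyid", kid, sorted(names)))
    for fpr, names in by_fpr.items():
        if len({keys[name][0].bit_length() for name in names}) > 1:
            findings.append(("same-fingerprint-different-keysize", fpr, sorted(names)))
    return findings

# Constructed sample material: arbitrary integers, not usable RSA keys.
TARGET_N = int.from_bytes(b"\xc1" + bytes(range(1, 128)), "big")  # 1024 bits
TARGET_E = 0x010001
STREAM = mpi_body(TARGET_N) + mpi_body(TARGET_E)
SAMPLE = {
    "target": (TARGET_N, TARGET_E),
    # Same low 64 bits and same size as the target, different upper bits.
    "keyid-lookalike": ((int.from_bytes(b"\xd7" + bytes(119), "big") << 64)
                        | (TARGET_N & MASK64), TARGET_E),
    # Same byte stream as the target, split into n and e at a different place.
    "sliding-lookalike": (int.from_bytes(STREAM[:64], "big"),
                          int.from_bytes(STREAM[64:], "big")),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Listing the keysize next to the fingerprint catches only the second finding; the first needs the full fingerprint compared instead of the key ID.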
