On Wed, 21 Jun 2017 21:04:09 +0200, Peter Lebbing wrote:
> On 21/06/17 20:49, Peter Lebbing wrote:
> > which would still
> > be marginally safe until computers are much faster, and certainly
> > not a short ID which is utterly unsafe and has always been.
>
> Which *might* still be marginally safe. I haven't done any actual
> calculations, and I want to seriously dissuade anyone from verifying
> keys by their long key ID. Don't do it, kids! 64 bits can be brute
> forced, but perhaps it might still be quite some effort to get a
> working key with a colliding long ID.
>
> I really should not have written it the way I did in the previous
> mail, it was very sloppy.

What I have learned is that I use with my (online) friends a separate list with their name and fingerprint on, have let TOFU check the first couple of messages and then give them full trust with TOFU. Since I have those contacts only sometimes, I think it's a good procedure comparing a Good Signature's fingerprint on my monitor with one from a paper list. (A copy of the paper list is also hidden in another place.)

Regards
Stefan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
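
Added example, not part of the original mails: a check of the kind discussed in this thread, comparing full fingerprints from a key listing against a pinned "paper list" and refusing anything shorter, such as a long key ID. It assumes 40-hex-digit (v4) fingerprints; the listing is a constructed sample in the layout of `gpg --with-colons --fingerprint` output, and the function names are hypothetical.

```python
import re

# Constructed sample listing: two keys that share the long key ID
# 1122334455667788 (the last 16 hex digits of a v4 fingerprint) but have
# different full fingerprints.
SAMPLE_LISTING = """\
pub:-:4096:1:1122334455667788:1498000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:
pub:-:4096:1:1122334455667788:1498000100:::-:::scESC:
fpr:::::::::0123456789ABCDEF012345671122334455667788:
"""


def normalize(fpr):
    """Strip spacing and case; accept only a full 40-hex-digit fingerprint."""
    fpr = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("not a full fingerprint; key IDs are refused")
    return fpr


def primary_fingerprints(listing):
    """Return the fingerprint that follows each 'pub' record (field 10 of 'fpr')."""
    fprs, after_pub = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "fpr" and after_pub:
            fprs.append(normalize(fields[9]))
            after_pub = False  # later 'fpr' records belong to subkeys
    return fprs


def verify(listing, paper_list):
    """Map each listed fingerprint to the pinned name, or None if not on the list."""
    pinned = {normalize(fpr): name for name, fpr in paper_list.items()}
    return {fpr: pinned.get(fpr) for fpr in primary_fingerprints(listing)}


if __name__ == "__main__":
    # Paper list entry as a person would write it down, in groups of four.
    paper = {"Alice": "AAAA BBBB CCCC DDDD EEEE  FFFF 1122 3344 5566 7788"}
    for fpr, name in verify(SAMPLE_LISTING, paper).items():
        print(fpr, "->", name or "NOT ON PAPER LIST", "(long ID", fpr[-16:] + ")")
```

Both sample keys print the same long ID, yet only the one whose full fingerprint is on the paper list is accepted.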