On Sat, Apr 19, 2014 at 3:35 PM, One Jsim <one.j...@gmail.com> wrote: > > from: > > > http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery > > > at 2014-04-19T14:49+1 > > > I retrieve > > > "Yes, it is possible to create a public key with the same fingerprint as an > existing one, thanks to a design misfeature in PGP 2.x when signing RSA > keys. The fake key will not be of the same length, so it should be easy to > detect. Usually such keys have odd key lengths" > > > How percentage of PGP (or GPG?) users, do you think, know that checking > fingerprint only is not an assurance against fake signatures? Did you know?
I *thought* [citation?] that this problem was fixed with version 4 keys. N. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users