-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/05/2016 01:34 PM, Robert J. Hansen wrote: >> If somebody can create a long-keyID-collision... > > That seems to be a big 'if' right now. Short collisions are easy; > long ones are nontrivial. Or did I miss something?
https://www.ietf.org/mail-archive/web/openpgp/current/msg07195.html .. but at least 1.4 and 2.0 won't be able to import a colliding 64 bit certificate as it is used as internal identifier as shown later in the thread iirc. Now, the real question discussed here though isn't really collission but preimage attack, that is a different story and far more difficult :) - -- - ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Aquila non capit muscas The eagle does not hunt flies -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJWzwDdAAoJECULev7WN52F45EH/iuUsMpcQBnUMk8JGCAGDpAb EnOu4EEfK8QnCdQw3ggc/4Q02cH51SSx7k46PtYj74ENAQoJ13N20zFSzbR/Kfkj yVs6PVROLkVh48fmd12jho4BQ0wSUD02v8F0avtYnlt9IRy4neSX2L7ukeSGCiLB HIbPtbxAj1NnpZa0qov9DfImSaUIfAydks5McQML/S/r5rbySEKv53sXOCsDzs3t o/k0JH8b6/kkhlFfR8/3GyqETYW+Ty7jFs+HjxK2jdlTYIBhBUD+bv1xGXcqizkS aNR1BFBj+dFlBxr/b3KT2UTAtUT6WTJviXcKy2hcKafi2uKg3I2ToUbkLRFrn4k= =d5cw -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
