On 08/24/2014 07:46 AM, Florian Weimer wrote: > The recommendation to rely on 64 bit key IDs is rather questionable > because V3 keys allow cheap construction of 64-bit key ID duplicates: > > <http://www.ietf.org/mail-archive/web/openpgp/current/msg00373.html>
This is not an issue with 64-bit key IDs, but an issue with v3 keys entirely. the v3 fingerprint itself is entirely forgeable. no one should be using v3 keys at all today, period. --dkg PS i agree that 64-bit key IDs are insufficient as well for v4 keys if you care about collisions, or if you have a powerful adversary (a preimage attack against a 64-bit truncated SHA1 digest is within reach of someone with weight to throw around, even if i can't do it handily on my laptop). this is why machines should use full fingerprints internally, and humans shouldn't really be exposed to any kind of keyids.
signature.asc
Description: OpenPGP digital signature