On 08/24/2014 07:46 AM, Florian Weimer wrote:
> The recommendation to rely on 64 bit key IDs is rather questionable
> because V3 keys allow cheap construction of 64-bit key ID duplicates:
> 
> <http://www.ietf.org/mail-archive/web/openpgp/current/msg00373.html>

This is not an issue with 64-bit key IDs, but an issue with v3 keys
entirely.  the v3 fingerprint itself is entirely forgeable.

no one should be using v3 keys at all today, period.

        --dkg

PS i agree that 64-bit key IDs are insufficient as well for v4 keys if
you care about collisions, or if you have a powerful adversary (a
preimage attack against a 64-bit truncated SHA1 digest is within reach
of someone with weight to throw around, even if i can't do it handily on
my laptop).  this is why machines should use full fingerprints
internally, and humans shouldn't really be exposed to any kind of keyids.
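
Added example, not part of the original message: a minimal keyring that stores and looks up v4 keys by full 160-bit fingerprint only, computed as in RFC 4880 section 12.2, and that flags any 64-bit key ID claimed by more than one key. The `Keyring` class, `shared_key_ids` helper and all sample values are hypothetical and constructed for illustration.

```python
import hashlib
import struct
from collections import defaultdict

def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over 0x99, a 2-octet length, then the v4 public-key packet body."""
    if body[:1] != b"\x04":
        raise ValueError("only v4 public-key packets are accepted (v3 rejected)")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id64(fpr: bytes) -> bytes:
    """The 64-bit key ID of a v4 key is the low-order 8 octets of its fingerprint."""
    return fpr[-8:]

class Keyring:
    """Hypothetical keyring indexed by full fingerprint only."""
    def __init__(self):
        self._keys = {}

    def add(self, body: bytes) -> bytes:
        fpr = v4_fingerprint(body)
        self._keys[fpr] = body
        return fpr

    def get(self, selector: str) -> bytes:
        s = selector.replace(" ", "").lower()
        if s.startswith("0x"):
            s = s[2:]
        if len(s) != 40:  # 16 or 8 hex digits would be a long or short key ID
            raise ValueError("selector must be a full 160-bit fingerprint, not a key ID")
        return self._keys[bytes.fromhex(s)]

def shared_key_ids(fingerprints):
    """Return {key_id: [fingerprints]} for each 64-bit key ID shared by several keys."""
    groups = defaultdict(list)
    for fpr in set(fingerprints):
        groups[key_id64(fpr)].append(fpr)
    return {kid: sorted(fprs) for kid, fprs in groups.items() if len(fprs) > 1}

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample: a syntactically v4 RSA packet body with a toy modulus, not a real key.
SAMPLE_BODY = b"\x04" + struct.pack(">I", 1408838400) + b"\x01" + mpi(0xC0FFEE1234567891) + mpi(65537)
# Constructed fingerprints that differ only above the low 64 bits, to exercise the check.
FAKE_A = bytes(12) + bytes(range(8))
FAKE_B = b"\xff" * 12 + bytes(range(8))
```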
