SHA1 broken?
Jason Harris
jharris at widomaker.com
Wed Feb 16 21:05:07 CET 2005
On Wed, Feb 16, 2005 at 07:59:24PM +0100, Werner Koch wrote:
> Assuming that the SHA-1 collision calculation is similar to the MD5
> one, there is even no immediate danger due to the way the fingerprints
> are calculated: The first block used in the fingerprint calculation is
> more or less a constant and can't be changed to create a working faked
> key.

The key creation time can be varied at will, and, I presume, v4 RSA
key material can be too, a la v3 "vanity" keyids. But, is duplicating
v4 key fingerprints a useful attack?

While two v4 keys with the same fingerprint could "steal" userid
certifications made by others, any signatures produced by the
colliding keys, including selfsigs on their userids, can _not_
be "stolen," TTBOMK.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
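
Added example, not part of the original message: the v4 fingerprint calculation the thread refers to (as defined in RFC 4880), for an RSA public key, with the fields that land in the first 64-byte SHA-1 block labelled. The modulus is a constructed 1024-bit integer rather than a real key, and all function and constant names are illustrative.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Public-key packet body: version 4, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_hashed_data(body: bytes) -> bytes:
    """Octets fed to SHA-1: 0x99, two-octet body length, then the body."""
    return b"\x99" + struct.pack(">H", len(body)) + body

def v4_fingerprint(body: bytes) -> str:
    return hashlib.sha1(v4_hashed_data(body)).hexdigest().upper()

def first_block_layout(body: bytes):
    """Label each field that falls inside the first 64-byte SHA-1 block."""
    block = v4_hashed_data(body)[:64]
    bounds = [("tag 0x99", 0, 1), ("body length", 1, 3), ("version", 3, 4),
              ("creation time", 4, 8), ("algorithm", 8, 9),
              ("bit count of n", 9, 11), ("leading octets of n", 11, 64)]
    return [(name, block[a:b]) for name, a, b in bounds]

# Constructed sample values: SAMPLE_N is an arbitrary 1024-bit odd integer,
# not a real RSA modulus; the timestamps are one second apart.
SAMPLE_N = (1 << 1023) | int.from_bytes(hashlib.sha256(b"constructed").digest() * 4, "big") | 1
SAMPLE_E = 65537
T0, T1 = 1108584307, 1108584308

if __name__ == "__main__":
    for created in (T0, T1):
        body = v4_rsa_key_body(created, SAMPLE_N, SAMPLE_E)
        print(created, v4_fingerprint(body))
    for name, octets in first_block_layout(v4_rsa_key_body(T0, SAMPLE_N, SAMPLE_E)):
        print(f"{name:20} {octets.hex()}")
```

The layout shows that the tag, length, version and algorithm octets are fixed for a given key size, while the creation time and the leading octets of the modulus also sit in that first block.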