ideal.dll
vedaal at nym.hush.com
Fri Jun 22 16:21:35 CEST 2012
Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on
Thu Jun 21 22:38:31 CEST 2012 :
>v3 keys have a serious
>vulnerability in that their fingerprint mechanism is trivially
>gamable,
>so long keyid collisions are easy.
The 'serious vulnerability' you refer to, is trivially countered by
simply listing the keysize together with the fingerprint.
The 'long keyid collisions' (which consist of generating new keys
over and over again, until getting one whose fingerprint matches
the target fingerprint) are only possible with today's resources,
by *not constraining the size of the key*
(e.g. the 'fake key' might have 2791 bits, and so, won't fool any
of the remailer crowd that persists in using pgp 2.x.)
If you have any evidence that such collisions are possible with the
resultant keysize being the same as the target keysize, please
post, thanks.
>You should retire your v3 key, as should anyone else with such a
>key.
Please!
Have made 'minimal' headway in trying to convince remailer people
to use gnupg and give up v3 keys.
Some remailers do use gnupg.
The main user argument for holding onto pgp 2.x isn't some bizarre
nostalgia (they are willing to use Disastry's version, which accepts
all hashes gnupg accepts (not just md5) and, except for Camellia,
all symmetric algorithms that gnupg accepts).
(I haven't used classic pgp2 since the first Disastry version came
out.)
These are people who actually read each line of the source code of
pgp2.x.
I've asked in the past, if there could be a 'minimalist' gnupg
version, (e.g., using only RSA, 3DES, SHA1, and SHA 256 and maybe
only vintage necessary gnupg options) so that the source code is
small enough that someone can read it from scratch in a reasonable
amount of time (and not dependent on 'just keeping up with the
'diffs'.)
It would still be compatible with current gnupg, which would, by
default, honor the 3DES preferences in the 'minimalist' version.
( I wish I were fluent in C, and could write patches myself, and
cannibalize the early versions of gnupg, and come up with a draft
of code that just needs to be audited, fixed, and vetted, instead
of begging for features, but I'm not anywhere near ready :-((( ,
so I understand the futility/arrogance of asking for so much work
to be done, and for free, and am 'not pushing' it. )
In any event, I have other newer keys, and rarely use my v3 key
except for people who insist on it.
vedaal
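
An added illustration, not part of the original message and not GnuPG or PGP code: per RFC 4880 section 12.2, a v3 fingerprint is MD5 over the bodies of n and e without their length octets, so the same byte stream split at a different point yields the same fingerprint with a different modulus size. The check below pins the modulus size together with the fingerprint, the countermeasure described in the message. All numbers are constructed sample values (not a real key) and the function names are hypothetical.

```python
import hashlib


def mpi_body(value: int) -> bytes:
    """Big-endian bytes of an MPI, without its two-octet bit-length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def v3_fingerprint(n: int, e: int) -> str:
    """v3 fingerprint: MD5 over the MPI bodies of n, then e (lengths not hashed)."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest()


def matches_pinned(n: int, e: int, pinned_fpr: str, pinned_bits: int) -> bool:
    """Accept a key only if both the fingerprint and the modulus size match."""
    return v3_fingerprint(n, e) == pinned_fpr and n.bit_length() == pinned_bits


# Constructed sample values, far too small to be a real RSA key.
N = int.from_bytes(bytes(range(0xC1, 0xD2)), "big")  # 17 bytes -> 136 bits
E = 0x010001

# The hashed stream is body(N) || body(E). Because no lengths are hashed,
# nothing records where N ends and E begins.
STREAM = mpi_body(N) + mpi_body(E)

# Same stream, boundary moved one byte to the left (constructed for illustration):
N2 = int.from_bytes(STREAM[:16], "big")  # 16 bytes -> 128 bits
E2 = int.from_bytes(STREAM[16:], "big")  # remaining 4 bytes

PINNED_FPR = v3_fingerprint(N, E)
PINNED_BITS = N.bit_length()

if __name__ == "__main__":
    print("pinned      :", PINNED_FPR, PINNED_BITS, "bits")
    print("re-split    :", v3_fingerprint(N2, E2), N2.bit_length(), "bits")
    print("fingerprint-only match :", v3_fingerprint(N2, E2) == PINNED_FPR)
    print("fingerprint+size match :", matches_pinned(N2, E2, PINNED_FPR, PINNED_BITS))
```
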