It's 2014. Are we there yet?
Nicholas Cole
nicholas.cole at gmail.com
Sat Apr 19 16:46:47 CEST 2014
On Sat, Apr 19, 2014 at 3:35 PM, One Jsim <one.jsim at gmail.com> wrote:
>
> from:
>
>
> http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery
>
>
> at 2014-04-19T14:49+1
>
>
> I retrieve
>
>
> "Yes, it is possible to create a public key with the same fingerprint as an
> existing one, thanks to a design misfeature in PGP 2.x when signing RSA
> keys. The fake key will not be of the same length, so it should be easy to
> detect. Usually such keys have odd key lengths"
>
>
> How percentage of PGP (or GPG?) users, do you think, know that checking
> fingerprint only is not an assurance against fake signatures? Did you know?
I *thought* [citation?] that this problem was fixed with version 4 keys.
N.
More information about the Gnupg-users
mailing list