sks-devel

[Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached


From: Gunnar Wolf
Subject: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached
Date: Fri, 3 Jun 2016 17:43:24 -0500
User-agent: Mutt/1.5.23 (2014-03-12)

Hi all,

For the full version, please read my post:

    http://gwolf.org/node/4070

In short: In Debian, we found two keys sharing the «9F6C6333» short
ID, sporting the same name in them, but one of them is *not*
recognized by the supposed owner. Not only that, this key is signed by
three keys (not (yet?) uploaded to the global keyring) B29B232A,
F2C850CA and 789038F2 — Those are also the three short IDs for the
keys signing the legitimate key.

There are several tools relying on this (now very) weak 32-bit scheme;
the first such tool we found was precisely the «PGP pathfinder & key
statistics» service, which fails badly: Even specifying the full
fingerprints, I do get three (absolutely fake!) trust paths into the
impostor:

    
http://pgp.cs.uu.nl/mk_path.cgi?FROM=AB41C1C68AFD668CA045EBF8673A03E4C1DB921F&TO=88BB08F633073D7129383EE71EA37A0C9F6C6333&PATHS=trust+paths

And the main reason I am writing this mail: SKS listings all show this
32-bit ID only. It does differentiate when keys collide on their short
keyids, but it promotes users using a weak representation; IMO we
should change SKS to show either long keyids or the full fingerprint.

Greetings,
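
As an added illustration (not part of the mail, nor of SKS or the pathfinder's own code), the following Python derives the 32-bit short ID and 64-bit long ID from an OpenPGP v4 fingerprint and shows why a listing keyed on short IDs is ambiguous. The two full fingerprints are taken from the pathfinder URL in the mail; LEGIT_PLACEHOLDER is a constructed stand-in for the legitimate key (whose fingerprint the mail does not give), made to share only the short ID.

```python
import hashlib
from collections import defaultdict

def v4_fingerprint(public_key_packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880, section 12.2): SHA-1 over the byte
    0x99, the two-byte big-endian body length, and the public-key packet body."""
    body_len = len(public_key_packet_body).to_bytes(2, "big")
    return hashlib.sha1(b"\x99" + body_len + public_key_packet_body).hexdigest().upper()

def long_id(fpr: str) -> str:
    # 64-bit key ID: the low-order 8 bytes (16 hex digits) of the fingerprint
    return fpr[-16:]

def short_id(fpr: str) -> str:
    # 32-bit key ID: the low-order 4 bytes (8 hex digits); the form SKS displays
    return fpr[-8:]

def short_id_collisions(fingerprints):
    """Group a keyring listing by short ID and return only the collided groups."""
    groups = defaultdict(list)
    for fpr in fingerprints:
        groups[short_id(fpr)].append(fpr)
    return {sid: fprs for sid, fprs in groups.items() if len(fprs) > 1}

def resolve(fingerprints, query: str):
    """Return every fingerprint whose hex suffix matches the query (short ID,
    long ID or full fingerprint). More than one match means the identifier is
    ambiguous and must not be used for a trust decision."""
    q = query.upper()
    q = q[2:] if q.startswith("0X") else q
    return [fpr for fpr in fingerprints if fpr.endswith(q)]

# Fingerprints taken from the mail's pathfinder URL:
IMPOSTOR = "88BB08F633073D7129383EE71EA37A0C9F6C6333"
PATH_FROM = "AB41C1C68AFD668CA045EBF8673A03E4C1DB921F"
# Constructed placeholder standing in for the legitimate key (its real
# fingerprint is not given in the mail); only the short ID is made to match.
LEGIT_PLACEHOLDER = "0" * 32 + "9F6C6333"
KEYRING = [IMPOSTOR, PATH_FROM, LEGIT_PLACEHOLDER]

if __name__ == "__main__":
    for sid, fprs in short_id_collisions(KEYRING).items():
        print(f"short ID {sid} is shared by {len(fprs)} keys:")
        for fpr in fprs:
            print(f"  long ID {long_id(fpr)}  fingerprint {fpr}")
    print("lookup by short ID:", resolve(KEYRING, "9F6C6333"))
    print("lookup by long ID: ", resolve(KEYRING, "1EA37A0C9F6C6333"))
```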


