Gentoo Archives: gentoo-project

From: "Chí-Thanh Christopher Nguyễn" <chithanh@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
Date: Mon, 02 Jan 2012 15:21:14
Message-Id: 4F01CB43.7010907@gentoo.org
In Reply to: [gentoo-project] let's stop using short gpg key ids, that's insecure by "Paweł Hajdan
"Paweł Hajdan, Jr." schrieb:
> You've probably read (or should) > <http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html> > which describes why using short gpg key ids is insecure.
I came across this blog post via the slashdot story http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred and frankly I am not convinced that there is an actual security problem. The short ID is just for easy finding of the key. It is not intended for unique GPG key identification, and anybody who uses it that way deserves a good beating with the cluebat. Best regards, Chí-Thanh Christopher Nguyễn