Archives
Archives
| From: | "Chí-Thanh Christopher Nguyễn" <chithanh@g.o> | ||
|---|---|---|---|
| To: | gentoo-project@l.g.o | ||
| Subject: | Re: [gentoo-project] let's stop using short gpg key ids, that's insecure | ||
| Date: | Mon, 02 Jan 2012 15:21:14 | ||
| Message-Id: | 4F01CB43.7010907@gentoo.org | ||
| In Reply to: | [gentoo-project] let's stop using short gpg key ids, that's insecure by "Paweł Hajdan | ||
| 1 | "Paweł Hajdan, Jr." schrieb: |
| 2 | > You've probably read (or should) |
| 3 | > <http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html> |
| 4 | > which describes why using short gpg key ids is insecure. |
| 5 | |
| 6 | I came across this blog post via the slashdot story |
| 7 | http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred |
| 8 | and frankly I am not convinced that there is an actual security problem. |
| 9 | The short ID is just for easy finding of the key. It is not intended for |
| 10 | unique GPG key identification, and anybody who uses it that way deserves |
| 11 | a good beating with the cluebat. |
| 12 | |
| 13 | Best regards, |
| 14 | Chí-Thanh Christopher Nguyễn |