| From: | "Chí-Thanh Christopher Nguyễn" <chithanh@g.o> |
|---|---|
| To: | gentoo-project@l.g.o |
| Subject: | Re: [gentoo-project] let's stop using short gpg key ids, that's insecure |
| Date: | Mon, 02 Jan 2012 15:21:14 |
| Message-Id: | 4F01CB43.7010907@gentoo.org |
| In Reply to: | [gentoo-project] let's stop using short gpg key ids, that's insecure by "Paweł Hajdan |

"Paweł Hajdan, Jr." wrote:
> You've probably read (or should)
> <http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
> which describes why using short gpg key ids is insecure.

I came across this blog post via the slashdot story
http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred
and frankly I am not convinced that there is an actual security problem.
The short ID is just for easy finding of the key. It is not intended for
unique GPG key identification, and anybody who uses it that way deserves
a good beating with the cluebat.

Best regards,
Chí-Thanh Christopher Nguyễn
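
The distinction drawn in the message above, looking a key up by short ID versus identifying it by its full fingerprint, shown as an added example that is not part of the original email. For an OpenPGP v4 key the long ID is the low 64 bits of the 160-bit fingerprint and the short ID the low 32 bits; the fingerprints below are constructed sample values and the function names are hypothetical.

```python
import re

# Constructed sample fingerprints (not real keys): two different 160-bit
# OpenPGP v4 fingerprints whose low 32 bits happen to be identical.
TRUSTED_FPR = "8A1F 3C5D 9E27 4B60 A1D2  77C4 0E9B 51F3 DEAD BEEF"
LOOKALIKE_FPR = "03B7 E4A9 6C12 F8D5 4410  9AEE 2B6C 7D08 DEAD BEEF"
KEYRING = [TRUSTED_FPR, LOOKALIKE_FPR]


def _hex(value):
    """Strip whitespace and an optional 0x prefix; return upper-case hex."""
    text = re.sub(r"\s+", "", value).upper()
    if text.startswith("0X"):
        text = text[2:]
    if not re.fullmatch(r"[0-9A-F]+", text):
        raise ValueError(f"not hexadecimal: {value!r}")
    return text


def normalize_fingerprint(fpr):
    text = _hex(fpr)
    if len(text) != 40:
        raise ValueError("a v4 fingerprint is 40 hex digits")
    return text


def short_id(fpr):
    """Low 32 bits of the fingerprint (8 hex digits)."""
    return normalize_fingerprint(fpr)[-8:]


def long_id(fpr):
    """Low 64 bits of the fingerprint (16 hex digits)."""
    return normalize_fingerprint(fpr)[-16:]


def find_keys(keyring, key_id):
    """Lookup only: every key whose fingerprint ends in key_id (may be several)."""
    wanted = _hex(key_id)
    if len(wanted) not in (8, 16, 40):
        raise ValueError("expected a short ID, long ID or full fingerprint")
    return [f for f in map(normalize_fingerprint, keyring) if f.endswith(wanted)]


def is_pinned_key(candidate_fpr, pinned_fpr):
    """Identification: accept only an exact match on the full fingerprint."""
    return normalize_fingerprint(candidate_fpr) == normalize_fingerprint(pinned_fpr)
```

A lookup by `DEADBEEF` returns both sample keys, so the result of `find_keys` is a candidate list to be confirmed with `is_pinned_key`, never a trust decision by itself.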