Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-project
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-project@g.o
From: Chí-Thanh Christopher Nguyễn <chithanh@g.o>
Subject: Re: let's stop using short gpg key ids, that's insecure
Date: Mon, 02 Jan 2012 16:20:35 +0100
"Paweł Hajdan, Jr." schrieb:
> You've probably read (or should)
> <http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
> which describes why using short gpg key ids is insecure.

I came across this blog post via the slashdot story
http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred
and frankly I am not convinced that there is an actual security problem.
The short ID is just for easy finding of the key. It is not intended for
unique GPG key identification, and anybody who uses it that way deserves
a good beating with the cluebat.

Best regards,
Chí-Thanh Christopher Nguyễn



References:
let's stop using short gpg key ids, that's insecure
-- Paweł Hajdan, Jr.
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
let's stop using short gpg key ids, that's insecure
Next by thread:
Re: let's stop using short gpg key ids, that's insecure
Previous by date:
let's stop using short gpg key ids, that's insecure
Next by date:
Re: let's stop using short gpg key ids, that's insecure


Updated Jul 05, 2012

Summary: Archive of the gentoo-project mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.