[Prev] Thread [Next] |
[Prev] Date [Next]
Re: Fix revocation keys instead of fingerprints? (was Re: Non-SHA-1 fingerprints)
Daniel A. Nagy
Thu May 07 11:01:01 2009
David Shaw wrote:
> On May 5, 2009, at 2:13 AM, Daniel A. Nagy wrote:
>> David Shaw wrote:
>>> It's a larger problem than just fingerprints. We also use a fingerprint
>>> as a specifier inside the revocation key subpacket, to designate which
>>> key can be used to issue revocations on our behalf. The thing is,
>>> though, a fingerprint isn't really a very good revocation key specifier:
>>> * Must be human-readable
>>> * Needs to be small to be useful
>>> * Can collide to some small amount (4880 even documents that they
>>> collide in section 12.2)
>> That's not the fingerprint. That's the key ID.
> A nit, but that really is the fingerprint.
> Note that there is a much smaller, but still non-zero, probability
> that two different keys have the same fingerprint.
While the probability is non-zero, but it is roughly equal to accidentally
guessing the discrete logarithm of a DSA key or a prime factor of the RSA key.
> It's not exactly *likely*, but it's not quite zero. I heard a
> urban-legendish story once about someone who (completely accidentally)
> generated a key that just happened to have a fingerprint collision with
> someone else's key. Unfortunately, thinking it was a bug, they deleted
> the key... make of that what you will :)
There WAS a bug and he did the right thing.
Re: Non-SHA-1 fingerprints David Shaw
Re: Non-SHA-1 fingerprints Ingo Klöcker
Re: Non-SHA-1 fingerprints Daniel Kahn Gillmor
collision-resistance and self-signatures [was: Re: Non-SHA-1 fingerprints] Daniel Kahn Gillmor
Re: Non-SHA-1 fingerprints Ian G