Re: Number of developers, keyring map
On Sun, 30 May 1999, Wichert Akkerman wrote:
> Previously Jason Gunthorpe wrote:
> > It is the single most important field to check. It serves the same purpose
> > as the keyID except that it is much more reliable and cannot be faked at
> > all.
> If I remember things correctly both the key-ID and the fingerprint
> can be faked, although the the fingerprint is harder. You really
> want the combination of both.
I was told that the keyID was simply a random number assigned to the key
at key-generation, with a hacked generator you could assing any number you
like. However, to duplicate a fingerprint you would have to break MD5,
which if possible means we are in deep trouble anyhow :>