[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Number of developers, keyring map

On 31 May 1999, Craig Brozefsky wrote:

> > For RSA keys, you want the keyid, fingerprint and keylength. I've 
> > seen keys that had identical fingerprints and keyids, but different 
> > keylengths.
> Yes, the key length is critical.  It's because of the ability to vary
> the key length that this attack is possible.  MD5 is a hash, and there
> are an infinite number of sequences that will generate any particular
> MD5 identifier.  Obviously we are limited to throwing our much much
> much smaller than "infinetly large" keys, but even within the range of
> those keys acceptable to pgp there are ways to generate collisions.

I've sent a mail to the GPG list asking for guidance and some more support
in GPG for this.. It looks like I'll change the field to


Depending on if the keyID is an important distinguishing mark (the 6d.. 
number is the untruncated keyID) R indicates it is an RSA key and the D is
DSA (to prevent attacks across keytypes) 

Here is an interesting question - For all the signing parties that go on,
how are the keys ID'd? I'd hope the use the full bizzillion number ID I
give above, but no tools print the full keyID very easially.


Reply to: