[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild

Gunnar Wolf dijo [Wed, Aug 10, 2016 at 02:08:12PM -0500]:
> That's the reason why a key by itself means little, but we do place
> value on the web of trust around it.
> (...blah...)

Anyway, I managed to twist my mail with many facts and make it into a
long mess :) That was my main point. Nobody should trust my key to be
"just" even AB41C1C68AFD668CA045EBF8673A03E4C1DB921F — It's not yet
feasible to willingly create a collision, but by mere chance, somebody
might just find it on their next key generation. My identity should be
trusted based on this long number plus the web of trust around

It is highly unlikely somebody will find a collision with my
fingerprint by itself, but it's mindboggingly stupidly utterly
bloody unlikely some will find two, three other (even 64-bit)
collisions to sign my fake with. And I have over a hundred ;-)

Attachment: signature.asc
Description: Digital signature

Reply to: