
Re: Check for revocation certificates before running apt-get?



On Mon, Dec 30, 2013 at 06:45:48PM +0100, Florian Weimer wrote:
> * Kurt Roeckx:
> 
> > On Sun, Dec 15, 2013 at 03:15:03AM +0000, adrelanos wrote:
> >> > When you implement this, please ensure it isn't vulnerable to any
> >> > duplicate-keyid problems:
> >> > 
> >> > http://debian-administration.org/users/dkg/weblog/105
> >> 
> >> Damn, I wasn't aware of the latest news that long key ids are now also
> >> insecure. Thank you for educating me.
> >
> > I think this really shouldn't surprise someone, and I think
> > we've really been saying this for like 10 years.  Please note
> > that the "long key" is the last 64 bit of the fingerprint,
> > not the whole 160 bit of the SHA-1.
> 
> It's even worse.  For v3 keys, the long key ID consists of the lowest
> 64 bits of the modulus.  If the long key ID happens to be odd, you
> just have to generate a prime which is congruent to 1 modulo 2**64, and
> another prime that is congruent to the desired long key ID, which is not
> that much work (it's about as expensive as regular key generation).
> For even key IDs, this wouldn't work if GnuPG has additional checks,
> but I doubt it.

And I think this is why we got rid of v3 keys.


Kurt
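
The identifiers discussed in this thread, as an added example that is not part of the original posts and is not code from GnuPG or apt: it computes the v4 fingerprint and long key ID as defined in RFC 4880, the v3 key ID as the low 64 bits of the modulus, and checks a key against pinned full fingerprints. The function names are hypothetical, and the two moduli are constructed integers for illustration, not real RSA keys.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit length, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (version, time, algo 1, n, e)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """160-bit v4 fingerprint: SHA-1 over 0x99, 2-byte body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def long_key_id(fpr: bytes) -> bytes:
    """v4 long key ID: only the last 64 bits of the fingerprint."""
    return fpr[-8:]

def v3_key_id(n: int) -> bytes:
    """v3 key ID: low 64 bits of the RSA modulus, with no hash involved."""
    return (n & (2**64 - 1)).to_bytes(8, "big")

def is_pinned(fpr: bytes, pinned: set) -> bool:
    """Accept a key only when its full fingerprint is in the pinned set."""
    return fpr.hex() in {p.replace(" ", "").lower() for p in pinned}

# Constructed sample values (not real keys): two different 2048-bit integers
# that differ only in one high bit, so their low 64 bits are identical.
CREATED = 1388425548
N_A = int.from_bytes(hashlib.sha256(b"constructed modulus A").digest() * 8, "big") | (1 << 2047) | 1
N_B = N_A ^ (1 << 1024)
FPR_A = v4_fingerprint(v4_rsa_key_body(CREATED, N_A, 65537))
FPR_B = v4_fingerprint(v4_rsa_key_body(CREATED, N_B, 65537))

if __name__ == "__main__":
    print("v3 key IDs :", v3_key_id(N_A).hex(), v3_key_id(N_B).hex())
    print("v4 long IDs:", long_key_id(FPR_A).hex(), long_key_id(FPR_B).hex())
    print("v4 fpr A   :", FPR_A.hex())
    print("B accepted with A pinned:", is_pinned(FPR_B, {FPR_A.hex()}))
```

The two sample values share a v3 key ID because that ID ignores every bit above the lowest 64, while the pin on the full fingerprint rejects the second value.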

