[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached
From: |
Christoph Egger |
Subject: |
Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached |
Date: |
Sat, 04 Jun 2016 01:05:41 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Hi!
Gunnar Wolf <address@hidden> writes:
> There are several tools relying on this (now very) weak 32-bit scheme;
> the first such tool we found was precisely the «PGP pathfinder & key
> statistics» service, which fails badly: Even specifying the full
> fingerprints, I do get three (absolutely fake!) trust path into the
> impostor:
>
>
> http://pgp.cs.uu.nl/mk_path.cgi?FROM=AB41C1C68AFD668CA045EBF8673A03E4C1DB921F&TO=88BB08F633073D7129383EE71EA37A0C9F6C6333&PATHS=trust+paths
Moving this to full fingerprints is pretty high on my TODO list for a
while .. though old consumers seem to be pretty unhappy with any change
to the data so this needs fixing as well (the website being the only
exception). Hope I can get it done this summer ...
You shouldn't trust the data there fwiw .. the mining script doesn't
actually *check* any signatures and blindly believes what it says on the
envelope. Might change as well when I fix the collector but we'll see.
Christoph
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer