Home page logo

bugtraq logo Bugtraq mailing list archives

Re: PGP Signatures security BUG!
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Wed, 8 Mar 2000 13:10:39 -0500

In message <p04310108b4eabe46523c () [130 227 158 132]>, "Povl H. Pedersen" writes

It will take a long time to generate a new key with a specific
fingerprint, but nonetheless, this 'overwriting' and hiding of other
users IDs in the public PGP servers is bad.

Minor nit -- there's a big difference between a "fingerprint" -- which is the
result of a cryptographic hash on the key, and should *never* collide (and if
it does, you can get lots of attention by showing that the hash function isn't
strong enough) -- and a "key id", which is much shorter.

                --Steve Bellovin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]