* Jon Callas wrote:
A key fingerprint is little more than a hash of the key material, the
creation time, and a few constants. There's very little place in there
to manufacture a collision. Fingerprints need little more than
The recent attack allows to construct two "random" messages differing in
some (few) bits generating the same hash.
So a possible attack might be to generate such a collision and search one of
the messages in existing key material from the key servers. If some key was
found containing one of those sequences, it can be replaced by a different
key by changing those few bits.
This manipulation does not change the fingerprint and might not change the
key signature nor the user certificates, so the modified key is a drop in
replacement for the old one.
The main advantage for the attacker is, that the modified key might be easily
factorised. Very likely. So the attacker can mount a MITM attack using the
web of trust to hide it.