[Top] [All Lists]

Re: [openpgp] Fingerprints and their collisions resistance

2013-01-03 03:33:44
On Thu, Jan 3, 2013 at 7:18 AM, Andrey Jivsov <openpgp(_at_)brainhub(_dot_)org> 

We exchanged a few emails on gnupg list about this this issue, which I
think belongs here, the OpenPGP thread.


Public keys offer a reasonable opportunity to place arbitrary bytes into
fields that are hashed. For example, DSA P,Q,G, are primes. Every byte but
the last one of a 2048 bit prime can be fixed, on average, due to the high
density of primes. It suggests that the task of finding a collision with
public keys is at least no more difficult than for ASCII documents.

If anyone has already done this, they are keeping very quiet about it.

I don't think I favour interim solutions - it would be better if the issue
were tackled directly.  From a user point of view, it would be good if new
formats were decided that hard-wire a new formats.  I think that these
decisions should be made sooner rather than later, because it will take
some years for end-user software to fully catch up.  Is it impossible to
think that new standards would be decided this year?

One issue with SHA-3 is that the fingerprints are going to be very long.
 How should these be displayed to the user?  Hex strings seem unsuitable
for this task, and I think any new standard should recommend that
fingerprints be displayed in some other way - probably using a different

Best wishes,

openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>