On Thu, Jan 3, 2013 at 7:18 AM, Andrey Jivsov <openpgp(_at_)brainhub(_dot_)org>
wrote:
We exchanged a few emails on gnupg list about this this issue, which I
think belongs here, the OpenPGP thread.
[snip]
Public keys offer a reasonable opportunity to place arbitrary bytes into
fields that are hashed. For example, DSA P,Q,G, are primes. Every byte but
the last one of a 2048 bit prime can be fixed, on average, due to the high
density of primes. It suggests that the task of finding a collision with
public keys is at least no more difficult than for ASCII documents.
If anyone has already done this, they are keeping very quiet about it.
I don't think I favour interim solutions - it would be better if the issue
were tackled directly. From a user point of view, it would be good if new
formats were decided that hard-wire a new formats. I think that these
decisions should be made sooner rather than later, because it will take
some years for end-user software to fully catch up. Is it impossible to
think that new standards would be decided this year?
One issue with SHA-3 is that the fingerprints are going to be very long.
How should these be displayed to the user? Hex strings seem unsuitable
for this task, and I think any new standard should recommend that
fingerprints be displayed in some other way - probably using a different
base.
Best wishes,
N.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp