On 29 Jul 2015, Phillip Hallam-Baker wrote:
If we are doing ECC, it is quite practical for someone to generate
2^50 keys and then pick the two that match in the first 100
bits. This can then be used for attacks, particularly if the keys
are not enrolled in some sort of blockchain.
What sort of attacks are we talking about here?
The other bit I left out is the idea of compression. The idea here
being that the person generating the key looks for a fingerprint
that has 0s for the first n bits. Then the fingerprint starts with a
version number that says 'the first 32 bits are 0s' or whatever.
What do you mean here by "looks for"? Doesn't this effectively just
limit the bitsize of used fingerprints?
- V
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp