On Tue, 4 Aug 2015 04:42, look@my.amazin.horse said:
And the actual attack is "slightly weaker non-repudiation"?
... when using a truncated fingerprint.
Why should anyone truncate a fingerprint from 20 bytes to 13 bytes?
This is an arbitrary value in between the known weak 8 byte keyids and
the full 20 byte fingerprints for which we expect that in our lifetime
collisions can be created.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp