ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Followup on fingerprints

2015-08-04 01:45:37
On Tue,  4 Aug 2015 04:42, look@my.amazin.horse said:

And the actual attack is "slightly weaker non-repudiation"?

... when using a truncated fingerprint.

Why should anyone truncate a fingerprint from 20 bytes to 13 bytes?
This is an arbitrary value in between the known weak 8 byte keyids and
the full 20 byte fingerprints for which we expect that in our lifetime
collisions can be created.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp