Bryan Ford <brynosaurus(_at_)gmail(_dot_)com> writes:
> Someone who wants to pass themselves off as me can simply spend a bit of time
> mining for a new PGP key whose fingerprint matches mine, or yours, in the
> first 10 digits or so, and perhaps the last few as well.
We already have good data on that via SSH's fuzzy fingerprints, with tools to
generate and exploit them having been around for some years. They're quite
effective.
> The whole idea of providing some form of “mining-resistance” in a fingerprint
> scheme is to enable the key-owner to invest some effort at key-creation time,
> to ensure that any attacker who wants to try to mine for a key with a
> similar-looking fingerprint will have to invest a *lot* more time and effort,
> not just a little.
I'm not sure if this is worth the effort; see "Do Users Verify SSH Keys?",
https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf. The
solution isn't to try and patch up something that inherently doesn't work
(look at browser PKI for a twenty-year, and still running, example of trying
to do that) but to look for alternative approaches to dealing with the
problem.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
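A defender-side check motivated by the exchange above, added here as an example (it is not code from the thread or from any OpenPGP implementation): it normalises two fingerprints, compares them in full, and flags a key whose fingerprint agrees with a trusted one on the first 10 and the last few hex digits but differs in between, which is exactly the shape a mined lookalike has. The sample fingerprints are constructed and the default prefix/suffix lengths are assumptions taken from the quoted message.

```python
import hmac
import re

# Constructed fingerprints for illustration only (not real keys). The second
# one shares the first 10 and last 4 hex digits with the first but differs
# everywhere in between, mimicking a mined "fuzzy" lookalike.
TRUSTED_FPR = "A1B2 C3D4 E5F6 A7B8 C9D0  1122 3344 5566 7788 99AA"
LOOKALIKE_FPR = "a1b2c3d4e5" + "0123456789abcdef0123456789" + "99aa"


def normalize(fpr: str) -> str:
    """Strip the grouping whitespace humans add, fold case, and accept only
    a full 40 (v4) or 64 (v6) hex-digit OpenPGP fingerprint."""
    compact = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}|[0-9A-F]{64}", compact):
        raise ValueError("not a complete OpenPGP fingerprint")
    return compact


def classify(presented: str, trusted: str, prefix: int = 10, suffix: int = 4) -> str:
    """Return 'exact' if the whole fingerprint matches, 'lookalike' if only the
    leading `prefix` and trailing `suffix` hex digits match (the part a human
    eyeballing the string tends to check), otherwise 'different'."""
    p, t = normalize(presented), normalize(trusted)
    if hmac.compare_digest(p, t):          # full, constant-time comparison
        return "exact"
    head_match = p[:prefix] == t[:prefix]
    tail_match = suffix == 0 or p[-suffix:] == t[-suffix:]  # p[-0:] is the whole string
    if head_match and tail_match:
        return "lookalike"
    return "different"


def expected_trials(prefix: int, suffix: int) -> int:
    """Expected number of candidate keys an attacker must generate before one
    agrees with the target on `prefix` + `suffix` hex digits: each hex digit
    is 4 bits of hash output, so 16 ** digits on average."""
    return 16 ** (prefix + suffix)


if __name__ == "__main__":
    print(classify(LOOKALIKE_FPR, TRUSTED_FPR))      # lookalike
    print(expected_trials(10, 4))                     # 16 ** 14 keys, on average
```

Accepting a key because only the visible ends of the fingerprint match is what the check is meant to catch; comparing the entire string is the defence, and the effort figure shows why a partial match is cheap for an attacker.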