ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Fingerprint requirements for OpenPGP

2016-04-14 11:40:26
On Thu, Apr 14, 2016 at 11:20 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> 
wrote:
Joseph Lorenzo Hall <joe(_at_)cdt(_dot_)org> writes:

On Tue, Apr 12, 2016 at 9:15 AM, Vincent Breitmoser
<look@my.amazin.horse> wrote:
Joseph Lorenzo Hall(joe(_at_)cdt(_dot_)org)@Tue, Apr 12, 2016 at 09:06:11AM 
-0400:
If you have two keys that map to the same fingerprint, then an
attacker can decide to serve you whichever is in their best interest.

The premise of your scenario is that you are already using a key
generated by the attacker. What could an attacker possibly gain by
possessing a second key with the same fingerprint?

Sorry so slow to respond... my premise is that increasingly I query
for full fprs to obain keys from keyservers and if that maps onto two
different keys with the same UserID that would be bad.

I guess what the rest of the thread here is saying is that it would be
so computationally difficult for a malicious keyserver to find a
collision that this isn't a problem.

That's not a collision, that's a preimage attack.

A collision is where Eve generates a pair of keys together with the same
fingerprint, but doesn't care what that key/fingerprint is -- only that
they are the same.  A preimage attack is where you're trying to find a
key that matches a specific (existing) fingerprint.  That's a MUCH
harder attack.

So yes, it would be extremely difficult for Eve to generate a key with
the same fingerprint as Alice's key.

Thanks for this, and for putting up with my relatively cryptographic
naivete for this WG!

best, Joe

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe(_at_)cdt(_dot_)org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp