Kai Engert <kaie(_at_)kuix(_dot_)de> wrote:
>> * The authors could have easily created colliding public keys with
>> identical (160 bit SHA-1) fingerprints, at the cost of 45k USD.
>> Although I don't know about any attack made possible by owning such a
>> pair of keys, the pure existence of a fingerprint collision could cause
>> problems in some applications, triggering potential bugs in code that
>> assumes fingerprints can never be identical.
> Does this mean, anyone can create a key pair that has the same
> fingerprint as I have on my business card, by spending that amount of
> money?
I did not read that. It could be true, but I did not conclude that.
I read that they can forge a signature from you (or me), on a key, attesting
to your email address being attached to your key.
So, they can attach a different key, with a different fingerprint, to your
email address, with a signature that appears to come from either of us.
> Does this mean, comparing a 20 bytes (40 hex digits) fingerprint, as
> printed by e.g. GnuPG 2.2.x, is no longer a reliable way to verify you
> have obtained the correct key?
I don't believe that this is the case.
I don't believe that there is anything in the bytes that go into the
fingerprint that would permit a JPEG to be inserted to provide the mutable
bytes needed.
I also want to say that constructs that use HMAC-SHA1 (IPsec, TLS) are not
affected.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
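
How a version 4 fingerprint is computed under RFC 4880 section 12.2, as an added example that is not part of the thread or of any participant's code: the hash input is 0x99, a two-octet length and the public-key packet body (version, creation time, algorithm, key material). The timestamp and key values are constructed for illustration, and the modulus is not a usable RSA key.

```python
import hashlib
import struct

def mpi(value):
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created, n, e):
    """Version 4 RSA public-key packet body: version, creation time, algorithm, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """SHA-1 over 0x99, the two-octet body length, and the body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def read_mpi(buf, off):
    """Read one MPI at offset off; return (value, offset after it)."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    bits = struct.unpack_from(">H", buf, off)[0]
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[off + 2:end], "big"), end

def parse_v4_rsa_body(body):
    """Account for every hashed byte; reject anything outside the fixed fields."""
    if len(body) < 6 or body[0] != 4 or body[5] != 1:
        raise ValueError("not a v4 RSA public-key packet body")
    created = struct.unpack_from(">I", body, 1)[0]
    n, off = read_mpi(body, 6)
    e, off = read_mpi(body, off)
    if off != len(body):
        raise ValueError("unexpected trailing bytes")
    return {"version": 4, "created": created, "algo": 1, "n": n, "e": e}

# Constructed sample values (assumptions): not a real key.
CREATED = 1578355200
N = (1 << 2047) | 0x10001F
E = 65537

if __name__ == "__main__":
    body = v4_rsa_key_body(CREATED, N, E)
    print(parse_v4_rsa_body(body)["created"], v4_fingerprint(body))
```

User ID and User Attribute packets, and the signatures that bind them to the key, are separate packets and are not part of this hash input.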