Marcus Brinkmann <marcus.brinkmann=40rub(_dot_)de(_at_)dmarc(_dot_)ietf(_dot_)org> wrote:
>> Does this mean, comparing a 20 bytes (40 hex digits) fingerprint, as
>> printed by e.g. GnuPG 2.2.x, is no longer a reliable way to verify you
>> have obtained the correct key?
> The answer to this would formally be "yes", because after creating two
> such keys, the attacker could first show you one key and, later on, show
> you the other key, and if the only thing you remember about the first key
> is the fingerprint, you have no way to notice the swap.

Would the attacker have to control the private keys of both generated keys to
accomplish this? I don't entirely see why.

Clearly the signatures generated by the two keys (with identical
fingerprints) would also be different (assume that the signatures were
calculated on a SHA256 hash, to remove an attack from that side).

> The question if this is an actual problem (i.e.: violates a security
> goal that the user is actually interested in) is more difficult to
> answer and depends on many details. Figuring this out would require a
> careful review of OpenPGP implementations and applications using OpenPGP.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
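
The swap described in the quoted answer, as an added example (not part of the original message and not code from GnuPG or any OpenPGP implementation): it computes the 40-hex-digit v4 fingerprint as defined in RFC 4880 and also records a SHA-256 digest of the full public-key packet body, so a later key with the same fingerprint but different key material is noticed. The pin record, its field names, the function names and the sample integers are assumptions made for the illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_v4_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def make_pin(body: bytes) -> dict:
    """Hypothetical pin record: the fingerprint plus SHA-256 of the full key material."""
    return {"fpr": v4_fingerprint(body), "sha256": hashlib.sha256(body).hexdigest()}

def check_pin(pin: dict, fpr: str, sha256: str) -> str:
    """Classify a key seen later against the record stored on first contact."""
    if fpr != pin["fpr"]:
        return "different-key"
    if sha256 != pin["sha256"]:
        # Only reachable when two distinct keys share a 40-hex-digit fingerprint.
        return "same-fingerprint-different-key"
    return "same-key"

def check_key(pin: dict, body: bytes) -> str:
    """Hash a key body seen later and compare it with the stored pin."""
    return check_pin(pin, v4_fingerprint(body), hashlib.sha256(body).hexdigest())

# Constructed sample values: 2048-bit odd integers, not usable RSA moduli.
N_FIRST = (1 << 2047) | 0x1234567
N_OTHER = (1 << 2047) | 0x7654321
FIRST = rsa_v4_key_body(1600000000, N_FIRST, 65537)
OTHER = rsa_v4_key_body(1600000000, N_OTHER, 65537)

if __name__ == "__main__":
    pin = make_pin(FIRST)
    print(pin["fpr"], check_key(pin, FIRST), check_key(pin, OTHER))
```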