[107424] in Cypherpunks


Re: PGP Fingerprint

daemon@ATHENA.MIT.EDU (Anonymous)
Wed Jan 13 19:52:08 1999

Date: Thu, 14 Jan 1999 01:25:30 +0100
From: Anonymous <nobody@replay.com>
To: cypherpunks@einstein.ssz.com
Reply-To: Anonymous <nobody@replay.com>

> Keep in mind that it is relatively trivial to create a new key with the
> same fingerprint or KeyID as another, although creating one that duplicates
> both is probably too far out.

Not exactly: making a key with the same fingerprint as an existing one is way
too far out, and creating a key with the same KeyID as another is no harder
than creating any old key.

The fingerprint is, as you said, a cryptographic hash of the key bits. The
definition of a cryptographic hash function is...not the point, but it implies
that however many bits of this hash you share (four in each hex character), it
takes 2^(that many bits) to make a key with the same hash. If the attacker had
some control over the key generation, the subversion could take 2^(half that
many bits), although a situation in which that fact would matter is rare -- I
think.

A slightly cleverer technique would make it much quicker to verify over the
phone (fewer bits tossed around) -- after the key is distributed, the
verifier's computer chooses a short random number, which the verifier tells the
keyholder over the phone. The keyholder hashes said number with the key and
tells the verifier part of the hash. The verifier also does the hashing with
his copy of the key and checks it with the hash-part received over the phone.

> Neither are guaranteed to be unique.

There's only the tiniest possibility that two keys would have the same
fingerprint.

> Of course, in order to trust a key, you really need to rely on signatures,
> not IDs or fingerprints.

Not necessarily. Fingerprints can verify a key if you can be sure the
fingerprint came from the real key owner. For some threat models, this would
mean over-the-phone verification would do it (for the others, you'd have to
meet in person or do something even more drastic).

You have to have some highly-trusted keys from some highly-trusted people
before you use signatures to verify a key, so it can be better to use
fingerprints in a few situations.

There were two older, buggier fingerprinting methods that wouldn't be up to the
task of establishing a web of trust. One didn't include all necessary
information in the hash; another used MD5, which is now considered to be one of
the weaker of the bunch.

> 
> Basically, use the KeyID in your sig, verify with the fingerprint.

You're not too much better off with your fingerprint on an email, true.

> 
> Paul Holman
> Fort Nocs
> PGP KeyID:  3F5AB569

