[107425] in Cypherpunks
Re: PGP Fingerprint
daemon@ATHENA.MIT.EDU (mgraffam@idsi.net)
Wed Jan 13 19:52:10 1999
From: mgraffam@idsi.net
Date: Wed, 13 Jan 1999 20:09:48 -0500 (EST)
To: Paul Holman <pablos@fortnocs.com>
cc: cypherpunks@toad.com
In-Reply-To: <369D235C.C9A85A51@fortnocs.com>
Reply-To: mgraffam@idsi.net
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 13 Jan 1999, Paul Holman wrote:
> Fingerprints are actually an MD5 hash of the key bits.
> The KeyID is 32 bits stripped off the end of the public key modulus.
> Keep in mind that it is relatively trivial to create a new key with
> the same fingerprint or KeyID as another, although creating
> one that duplicates both is probably too far out.
Hmm.
Generating a key with the same fingerprint as another amounts to finding
two messages that hash to the same value. A collision. I would not use
the term "relatively trivial" to describe such an operation.. unless
there is something I am missing?
Generating a key with the same ID seems like it would be easier at
first. We know the modulus that we want to look like (need the last
32 bits the same). Seems to me that we can either factor the modulus
directly, or take the 32 bits, and tack them on to a random number,
test for primality, and factor. Either way, you need to factor ..
which ain't happening. Or do you know of a way of choosing p and q
to be prime, and to have a product with 32 known end bits?
It doesn't seem to me that either of these spoofs would be simple,
unless you have a profoundly different idea of what 'simple' is :)
Michael J. Graffam (mgraffam@idsi.net) http://www.idsi.net/~mgraffam
"86% of conspiracy theories have some basis in truth... but, oddly enough,
it's that last 14% that usually gets you killed."
--Talas (http://cadvantage.com/~algaeman/conspiracy/public.htm)
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQCVAwUBNp1D4AKEiLNUxnAfAQGWVAP/RZbNd5eRu1PUFQtOr1pMtHhbmKwEgnoE
JhLDkjFluDgmp7DrLF+1HYIgyiCaZ3pP7aux0q69LLzJauEETklyingXyFIm9tnJ
/HwMAOPJzsHkfIrtGw3sEWnYjZ61f7KjxcDtm/RQinqXCOyAcCLcfkeDgzhdxuBM
6Z4aVjdRngw=
=ZC6O
-----END PGP SIGNATURE-----
